Your message dated Wed, 20 Aug 2008 19:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#495806: fixed in pam 1.0.1-3
has caused the Debian Bug report #495806,
regarding segfault in pam_unix.so on pam_authenticate call
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
495806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495806
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: screen
Version: 4.0.3-11
Severity: grave
Tags: security
Justification: user security hole
Hello,
Screen has started accepting any password at all at the locked screen prompt
on my testing box. I do not know when exactly this behavior started; I just
noticed it today. A different box running etch works as expected, i.e. only
unlocking when the user's system password is entered.
I have tested this with multiple users on the lenny box. Searching the
Debian screen bug reports and the screen-users mailing list turns up
nothing. The only thing I can guess right now is that it might have
something to do with new pam packages in testing. User error is always a
possibility, too. ;-)
Thank you,
Troy Davis
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages screen depends on:
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libncursesw5 5.6+20080713-1 shared libraries for terminal hand
ii libpam0g 1.0.1-2 Pluggable Authentication Modules l
screen recommends no packages.
screen suggests no packages.
-- debconf information:
screen/old_upgrade_prompt: false
--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 1.0.1-3
We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:
libpam-cracklib_1.0.1-3_amd64.deb
to pool/main/p/pam/libpam-cracklib_1.0.1-3_amd64.deb
libpam-doc_1.0.1-3_all.deb
to pool/main/p/pam/libpam-doc_1.0.1-3_all.deb
libpam-modules_1.0.1-3_amd64.deb
to pool/main/p/pam/libpam-modules_1.0.1-3_amd64.deb
libpam-runtime_1.0.1-3_all.deb
to pool/main/p/pam/libpam-runtime_1.0.1-3_all.deb
libpam0g-dev_1.0.1-3_amd64.deb
to pool/main/p/pam/libpam0g-dev_1.0.1-3_amd64.deb
libpam0g_1.0.1-3_amd64.deb
to pool/main/p/pam/libpam0g_1.0.1-3_amd64.deb
pam_1.0.1-3.diff.gz
to pool/main/p/pam/pam_1.0.1-3.diff.gz
pam_1.0.1-3.dsc
to pool/main/p/pam/pam_1.0.1-3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated pam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 20 Aug 2008 11:55:47 -0700
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib
libpam-doc
Architecture: source all amd64
Version: 1.0.1-3
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 495806
Changes:
pam (1.0.1-3) unstable; urgency=high
.
* 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL
tty argument, since this will cause our helper to segfault instead of
returning a useful value. Thanks to Troy Davis for the report.
Closes: #495806.
Checksums-Sha1:
b78df3f32cec5e9a28ec67baa12c991be621884e 1457 pam_1.0.1-3.dsc
b668c3fda42bb60f1c674be0e542786a0fb2b4a5 141199 pam_1.0.1-3.diff.gz
4c4b5c84769a2ac0a5a2dce886e30f092cea331c 164870 libpam-runtime_1.0.1-3_all.deb
da299c65162b87d3dac847e13e746b46fdd1379d 286384 libpam-doc_1.0.1-3_all.deb
9273a621b9cc8b3866ae545c978ffd0b9835e692 107392 libpam0g_1.0.1-3_amd64.deb
c957dea6552d69558d2f815e3883fb569a19b8c0 302442
libpam-modules_1.0.1-3_amd64.deb
2334430cfd09702834bd22e63b2c0474de4d8154 162588 libpam0g-dev_1.0.1-3_amd64.deb
a341d122c4406deb058311703acfd9e0c4947e9e 64820
libpam-cracklib_1.0.1-3_amd64.deb
Checksums-Sha256:
416dbf322906fa48786619751491b4f89e59b490fb407777d00604474965a78a 1457
pam_1.0.1-3.dsc
a0c06d8846399aba86271788cfb3583d8bb315be7f3ba218490df26a7aebe414 141199
pam_1.0.1-3.diff.gz
bf7d5b6f208e1051b0fbb3ccc10c9b762945d616153526eb1d52e52358465b74 164870
libpam-runtime_1.0.1-3_all.deb
7c4708188bc4a2873df07247d0e335ecb54f0a4f2a83d47cadc817a20193ae90 286384
libpam-doc_1.0.1-3_all.deb
5359145b7a077f290e153fb5eb51158e252e2a0f7c931bcc9ffbaf71bb060ea5 107392
libpam0g_1.0.1-3_amd64.deb
8e2096d490f510aeceda75abd8abb18b11da34f2ede8c0aab2c14b94b80dbc56 302442
libpam-modules_1.0.1-3_amd64.deb
f525d023509c567b1c2a94843a873aea7a61b6a6436daf12077c21974250dd0a 162588
libpam0g-dev_1.0.1-3_amd64.deb
f85adecee490a41397e5e769149865c9d058b547a05cb1126a8c2b19f0bf3245 64820
libpam-cracklib_1.0.1-3_amd64.deb
Files:
7de6b7b8f6da450e00f9219c44c9aed8 1457 libs optional pam_1.0.1-3.dsc
1aa39f7e036be6100a50be3e3999ebdf 141199 libs optional pam_1.0.1-3.diff.gz
681793cebc17738a9a8e7c460df07c27 164870 admin required
libpam-runtime_1.0.1-3_all.deb
a16b27dd6d0ddbe3fa71fc8fe726f98d 286384 doc optional libpam-doc_1.0.1-3_all.deb
975862be4b9fb4aca1919ebf7f36ed9b 107392 libs required
libpam0g_1.0.1-3_amd64.deb
b62ab4335a25ba035c5db3c3d9838670 302442 libs required
libpam-modules_1.0.1-3_amd64.deb
ee23dda782127c14d87bbcacf0610e85 162588 libdevel optional
libpam0g-dev_1.0.1-3_amd64.deb
6af872c24cbbb1fdc32a28638608a8fd 64820 libs optional
libpam-cracklib_1.0.1-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIrGo5KN6ufymYLloRAu3dAJ9Yth3Bzd6mJRtemIVgWx5ATAubqwCfQp0u
s+EHG9vgEGomVWwof1sX0tA=
=nraM
-----END PGP SIGNATURE-----
--- End Message ---
