Package: pam Severity: serious Tags: security patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tomas Mraz pointed out that pam_namespace PAM module executes external namespace.init script with an environment settings inherited form the program or service that has pam_namespace configured. Please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3853 http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 https://rhn.redhat.com/errata/RHSA-2010-0819.html If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers, Giuseppe. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0bUJsACgkQNxpp46476arzpwCfRYu4yznLD6z970bUPNbJkeE7 0qsAn10ej9XnZ3hnXoQF5PlGXZC9TYfD =OuIG -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
