Your message dated Sun, 16 Feb 2025 11:32:42 +0000
with message-id <e1tjct8-00bceg...@fasolo.debian.org>
and subject line Bug#1095402: fixed in pam-pkcs11 0.6.12-1+deb12u1
has caused the Debian Bug report #1095402,
regarding pam-pkcs11: CVE-2025-24531
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1095402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095402
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pam-pkcs11
Version: 0.6.12-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for pam-pkcs11.
CVE-2025-24531[0]:
| Possible Authentication Bypass in Error Situations
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
FWIW, I have already worked on this for bookworm (and so can do an NMU
for unstable as well) but want to re-verify it first.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-24531
https://www.cve.org/CVERecord?id=CVE-2025-24531
[1] https://www.openwall.com/lists/oss-security/2025/02/06/3
[2] https://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pam-pkcs11
Source-Version: 0.6.12-1+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
pam-pkcs11, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1095...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated pam-pkcs11
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Mon, 10 Feb 2025 21:06:21 +0100
Source: pam-pkcs11
Architecture: source
Version: 0.6.12-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Ludovic Rousseau <rouss...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1095402
Changes:
pam-pkcs11 (0.6.12-1+deb12u1) bookworm-security; urgency=high
  .
  * Non-maintainer upload by the Security Team.
  * Fixed possible authentication bypass: Don't return PAM_IGNORE
    (CVE-2025-24531) (Closes: #1095402)
  * Fixed possible authentication bypass: Use signatures to verify
    authentication by default (CVE-2025-24032)
  * Update configuration files for the CVE-2025-24032 fix
Checksums-Sha1:
a0b914d83648a3afee4baa2aa031463878e09beb 2407 pam-pkcs11_0.6.12-1+deb12u1.dsc
77a2abe37bc74fe4cb8d86e98d9120ebef6ceb5b 1410678 pam-pkcs11_0.6.12.orig.tar.gz
27ce8a079046ee9f48e578866448cb4baef19653 833 pam-pkcs11_0.6.12.orig.tar.gz.asc
073adcfcfaa7ef57cb8b6f3d97091c767c3a28fb 75204 pam-pkcs11_0.6.12-1+deb12u1.debian.tar.xz
Checksums-Sha256:
4852658dbe2e1a22c6e18b6c115bc245152682e1043b0f2b38c4416d75e5124b 2407 pam-pkcs11_0.6.12-1+deb12u1.dsc
7fdef113fe577e5b4f21f0e6c3932b2bd3ddfa2b1863aaec67b86190cc497d60 1410678 pam-pkcs11_0.6.12.orig.tar.gz
ade5fe3d608c7506a82f7af9f88c53fb330d685c5131301364ed090992db1ab6 833 pam-pkcs11_0.6.12.orig.tar.gz.asc
2d9e8ffaf87c57c33339b82fe0b49dfc83a6bc00a7c8aa5f74effb416fc41974 75204 pam-pkcs11_0.6.12-1+deb12u1.debian.tar.xz
Files:
4170a3111a063b409cda37d244a73494 2407 admin optional pam-pkcs11_0.6.12-1+deb12u1.dsc
390dfd32184e6a12629ba60ff1d6eb80 1410678 admin optional pam-pkcs11_0.6.12.orig.tar.gz
16a45980bae147b34ef0d67d976b2a00 833 admin optional pam-pkcs11_0.6.12.orig.tar.gz.asc
18a32dc3daf2c531699563efd05d1ce7 75204 admin optional pam-pkcs11_0.6.12-1+deb12u1.debian.tar.xz
--- End Message ---