Your message dated Sun, 29 Jun 2025 18:04:28 +0000
with message-id <e1uvwoc-00hvck...@fasolo.debian.org>
and subject line Bug#1107919: fixed in pam 1.7.0-5
has caused the Debian Bug report #1107919,
regarding pam: CVE-2025-6020: pam_namespace: potential privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1107919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pam
Version: 1.7.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.5.2-6+deb12u1
Control: found -1 1.5.2-6

Hi,

The following vulnerability was published for pam.

CVE-2025-6020[0]:
| pam_namespace: potential privilege escalation


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6020
    https://www.cve.org/CVERecord?id=CVE-2025-6020
[1] https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
[2] https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e
    https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1
    https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773

Please adjust the affected versions in the BTS as needed.

I would say to focus first on unstable -> trixie then we can have a
further look at bookworm.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 1.7.0-5
Done: Sam Hartman <hartm...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1107...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Jun 2025 11:40:46 -0600
Source: pam
Architecture: source
Version: 1.7.0-5
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Closes: 629438 1103339 1107919
Changes:
 pam (1.7.0-5) unstable; urgency=high
 .
   * pam_access: backport upstream commit to implement nodns option to allow people to work around #1087019
 .
 pam (1.7.0-4) experimental; urgency=high
 .
   [ Gioele Barabucci ]
   * d/control: Update standards version to 4.7.0, no changes needed
   * d/TODO: Remove outdated item about fop (Closes: #629438)
 .
   [ Sam Hartman ]
   * Fix CVE-2025-6020: local privilege escalation in pam_namespace, Closes: 1107919
 .
   [ James Morris ]
   * pam_access improperly checks for group membership of a user.
     (Closes: #1103339)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCaGF7eAAKCRAsbEw8qDeG
dMtaAQCUgFh51jmuFD7DenBgFukipl2sy5huidU54Mp7cl5H1gEAz71k3wK9eXn9
jfYAc9zZHjKBRKVXReuwr4o3Wn3zFgk=
=lGzz
-----END PGP SIGNATURE-----



--- End Message ---
