On Sun, Aug 03, 2025 at 01:22:13PM +0200, Bastien Roucaries wrote:
> Source: pam
> Version: 1.7.0-5
> Severity: grave
> Justification: may break the whole system (login)
> X-Debbugs-CC:  [email protected]
> X-Debbugs-CC: Debian Security Team <[email protected]>
> 
> Hi,
> 
> Following the fix of CVE-2024-10041, pam now uses /usr/sbin/unix_chkpwd
> unconditionally
> 
> If someone uses apparmor login or user then login will fail, maybe some time
> later due to expired password or other unix configuration
> 
> see https://bugzilla.opensuse.org/show_bug.cgi?id=1219139
> https://salsa.debian.org/apparmor-team/apparmor/-/commit/243162ca2938b391724f547596787c7f77d1fc5f
> 
> In order to be on the safe side could you add Breaks: apparmor-profiles (<<
> 4.1.0-1~) or maybe Pre-Depends:
> 
> apparmor needs to be updated before pam.
> 
> I know it is late in the release cycle, but I just detected it while trying
> to debug stuff for pam.
> 
> Maybe postpone

Should this be reassigned to src:apparmor instead then and marked
affecting src:pam?

Regards,
Salvatore
