Comment 5 for bug 227531

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpam-krb5 - 3.13-2ubuntu1

---------------
libpam-krb5 (3.13-2ubuntu1) jaunty; urgency=low

  * Merge from Debian unstable, remaining changes:
    - debian/{pam-auth-update,postinst,prerm}, debian/rules, debian/dirs:
      enable pam_krb5 by default using the new pam-auth-update support.
    - debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
      above.
  * Logging is now done with the LOG_AUTHPRIV facility. LP: #227531.

libpam-krb5 (3.13-2) unstable; urgency=low

  * Upload to unstable.

libpam-krb5 (3.13-1) experimental; urgency=high

  * New upstream release.
    - SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore
      user environment variables that specify the local keytab and
      Kerberos configuration. Protects against a privilege escalation
      vulnerability.
    - SECURITY (CVE-2009-0361): Protect against applications calling
      pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid
      context. This API call is designed to reinitialize an existing
      Kerberos ticket cache and therefore trusts the KRB5CCNAME
      environment variable, but in a setuid context, this may allow
      overwriting arbitrary files.
  * Install the upstream NEWS file as an upstream changelog.
  * Add ${misc:Depends} to the package dependencies.
  * Improve wording for the GPL pointer. The package may be distributed
    under any version of the GPL.

libpam-krb5 (3.12-1) experimental; urgency=low

  * New upstream release.
    - New alt_auth_map, force_alt_auth, and only_alt_auth options to map
      usernames to alternative Kerberos principals for authentication.
    - Log to authpriv, not auth.
    - Correctly log an exit status of ignore during debugging.
    - Document ssh session requirement. (Closes: #492039)
    - Document ignore handling with [] actions. (Closes: #492379)
  * Update to debhelper compatibility mode V7.
    - Use debhelper rule minimization except for configure.
    - Let the upstream Makefile do the installation.
  * Remove NEWS.Debian, only of interest in upgrades from sarge.

 -- Steve Langasek <email address hidden> Wed, 04 Mar 2009 02:54:58 +0000