This bug was fixed in the package libpam-krb5 - 3.13-2ubuntu1
---------------
libpam-krb5 (3.13-2ubuntu1) jaunty; urgency=low
* Merge from Debian unstable, remaining changes:
- debian/{pam-auth-update,postinst,prerm}, debian/rules, debian/dirs:
enable pam_krb5 by default using the new pam-auth-update support.
- debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
above.
* Logging is now done with the LOG_AUTHPRIV facility. LP: #227531.
libpam-krb5 (3.13-2) unstable; urgency=low
* Upload to unstable.
libpam-krb5 (3.13-1) experimental; urgency=high
* New upstream release.
- SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore
user environment variables that specify the local keytab and
Kerberos configuration. Protects against a privilege escalation
vulnerability.
- SECURITY (CVE-2009-0361): Protect against applications calling
pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid
context. This API call is designed to reinitialize an existing
Kerberos ticket cache and therefore trusts the KRB5CCNAME
environment variable, but in a setuid context, this may allow
overwriting arbitrary files.
* Install the upstream NEWS file as an upstream changelog.
* Add ${misc:Depends} to the package dependencies.
* Improve wording for the GPL pointer. The package may be distributed
under any version of the GPL.
libpam-krb5 (3.12-1) experimental; urgency=low
* New upstream release.
- New alt_auth_map, force_alt_auth, and only_alt_auth options to map
usernames to alternative Kerberos principals for authentication.
- Log to authpriv, not auth.
- Correctly log an exit status of ignore during debugging.
- Document ssh session requirement. (Closes: #492039)
- Document ignore handling with [] actions. (Closes: #492379)
* Update to debhelper compatibility mode V7.
- Use debhelper rule minimization except for configure.
- Let the upstream Makefile do the installation.
* Remove NEWS.Debian, only of interest in upgrades from sarge.
-- Steve Langasek <email address hidden> Wed, 04 Mar 2009 02:54:58 +0000
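The mitigation described in the two SECURITY entries above, sketched as an added example (not code from pam-krb5 or from this changelog): a getenv() wrapper that withholds Kerberos-related variables when the real and effective ids differ. The helper names are hypothetical; KRB5_CONFIG and KRB5_KTNAME are assumed here to be the variables meant by "Kerberos configuration" and "local keytab".

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* KRB5CCNAME is named in the changelog; the other two are assumptions. */
static const char *const krb5_env_vars[] = {
    "KRB5CCNAME", "KRB5_CONFIG", "KRB5_KTNAME", NULL
};

/* Real and effective ids differ when a setuid/setgid binary raised the
 * process's privilege; its environment then belongs to the caller. */
int ids_indicate_setuid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int is_krb5_env_var(const char *name)
{
    for (size_t i = 0; krb5_env_vars[i] != NULL; i++)
        if (strcmp(name, krb5_env_vars[i]) == 0)
            return 1;
    return 0;
}

/* Pure decision step: drop the value of a Kerberos variable when elevated,
 * pass every other value (including NULL for "unset") through unchanged. */
const char *filter_env_value(const char *name, const char *value, int elevated)
{
    if (elevated && is_krb5_env_var(name))
        return NULL;
    return value;
}

/* Drop-in lookup for the module: consults the process's own ids. */
const char *krb5_trusted_getenv(const char *name)
{
    int elevated = ids_indicate_setuid(getuid(), geteuid(), getgid(), getegid());
    return filter_env_value(name, getenv(name), elevated);
}

int main(void)
{
    const char *cc = krb5_trusted_getenv("KRB5CCNAME");
    printf("KRB5CCNAME as seen by the module: %s\n", cc ? cc : "(ignored or unset)");
    return 0;
}
```

A caller that reinitializes a ticket cache would treat a NULL result for KRB5CCNAME as "no caller-supplied cache" rather than falling back to the raw environment.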