diff -Nru libpam-tacplus-1.3.8/debian/changelog libpam-tacplus-1.3.8/debian/changelog --- libpam-tacplus-1.3.8/debian/changelog 2014-02-17 17:59:16.000000000 +0000 +++ libpam-tacplus-1.3.8/debian/changelog 2020-09-15 13:49:58.000000000 +0000 @@ -1,3 +1,16 @@ +libpam-tacplus (1.3.8-2+deb8u1build0.16.04.1) xenial-security; urgency=medium + + * fake sync from Debian + + -- Eduardo Barretto Tue, 15 Sep 2020 10:49:58 -0300 + +libpam-tacplus (1.3.8-2+deb8u1) jessie-security; urgency=high + + * CVE-2020-13881: Prevent shared secrets (such as private server keys) from + being added in plaintext to the system log. + + -- Chris Lamb Mon, 08 Jun 2020 15:51:57 +0100 + libpam-tacplus (1.3.8-2) unstable; urgency=low * Added postinst and prerm scripts for pam-auth-update. Closes: #739274 diff -Nru libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch --- libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch 1970-01-01 00:00:00.000000000 +0000 +++ libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch 2020-06-08 14:54:04.000000000 +0000 @@ -0,0 +1,11 @@ +--- libpam-tacplus-1.3.8.orig/support.c ++++ libpam-tacplus-1.3.8/support.c +@@ -272,7 +272,7 @@ int _pam_parse (int argc, const char **a + _pam_log(LOG_DEBUG, "%d servers defined", tac_srv_no); + + for(n = 0; n < tac_srv_no; n++) { +- _pam_log(LOG_DEBUG, "server[%d] { addr=%s, key='%s' }", n, tac_ntop(tac_srv[n].addr->ai_addr), tac_srv[n].key); ++ _pam_log(LOG_DEBUG, "server[%d] { addr=%s, key='********' }", n, tac_ntop(tac_srv[n].addr->ai_addr)); + } + + _pam_log(LOG_DEBUG, "tac_service='%s'", tac_service); diff -Nru libpam-tacplus-1.3.8/debian/patches/series libpam-tacplus-1.3.8/debian/patches/series --- libpam-tacplus-1.3.8/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ libpam-tacplus-1.3.8/debian/patches/series 2020-06-08 14:53:05.000000000 +0000 @@ -0,0 +1 @@ +CVE-2020-13881.patch