-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-10-18 10:31:55 UTC
-
Revision ID:
james.westby@ubuntu.com-20111018103155-6g1mbbx7turb9w3b
Tags: 0.99.7.1-5ubuntu6.5
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in
Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in Linux-PAM/modules/pam_env/pam_env.c.
- CVE-2011-3149