diff -Nru libpam-tacplus-1.3.8/debian/changelog libpam-tacplus-1.3.8/debian/changelog --- libpam-tacplus-1.3.8/debian/changelog 2014-02-17 23:29:16.000000000 +0530 +++ libpam-tacplus-1.3.8/debian/changelog 2021-08-02 23:26:19.000000000 +0530 @@ -1,3 +1,12 @@ +libpam-tacplus (1.3.8-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload by the LTS team. + * CVE-2020-13881: Prevent shared secrets (such as + private server keys) from being added in plaintext + to the system log. + + -- Utkarsh Gupta Mon, 02 Aug 2021 23:26:19 +0530 + libpam-tacplus (1.3.8-2) unstable; urgency=low * Added postinst and prerm scripts for pam-auth-update. Closes: #739274 diff -Nru libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch --- libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch 1970-01-01 05:30:00.000000000 +0530 +++ libpam-tacplus-1.3.8/debian/patches/CVE-2020-13881.patch 2021-08-02 23:26:08.000000000 +0530 @@ -0,0 +1,11 @@ +--- a/support.c ++++ b/support.c +@@ -272,7 +272,7 @@ + _pam_log(LOG_DEBUG, "%d servers defined", tac_srv_no); + + for(n = 0; n < tac_srv_no; n++) { +- _pam_log(LOG_DEBUG, "server[%d] { addr=%s, key='%s' }", n, tac_ntop(tac_srv[n].addr->ai_addr), tac_srv[n].key); ++ _pam_log(LOG_DEBUG, "server[%d] { addr=%s, key='********' }", n, tac_ntop(tac_srv[n].addr->ai_addr)); + } + + _pam_log(LOG_DEBUG, "tac_service='%s'", tac_service); diff -Nru libpam-tacplus-1.3.8/debian/patches/series libpam-tacplus-1.3.8/debian/patches/series --- libpam-tacplus-1.3.8/debian/patches/series 1970-01-01 05:30:00.000000000 +0530 +++ libpam-tacplus-1.3.8/debian/patches/series 2021-08-02 23:25:56.000000000 +0530 @@ -0,0 +1 @@ +CVE-2020-13881.patch