Your message dated Sat, 08 Feb 2025 21:34:16 +0000
with message-id <e1tgssu-0088ym...@fasolo.debian.org>
and subject line Bug#1095402: fixed in pam-pkcs11 0.6.13-1
has caused the Debian Bug report #1095402,
regarding pam-pkcs11: CVE-2025-24531
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1095402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095402
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pam-pkcs11
Version: 0.6.12-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for pam-pkcs11.
CVE-2025-24531[0]:
| Possible Authentication Bypass in Error Situations
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
FWIW, I did already work on this for bookworm (and so can first do
as well a NMU for unstable) but want to first re-verify it.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-24531
https://www.cve.org/CVERecord?id=CVE-2025-24531
[1] https://www.openwall.com/lists/oss-security/2025/02/06/3
[2] https://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pam-pkcs11
Source-Version: 0.6.13-1
Done: Ludovic Rousseau <rouss...@debian.org>
We believe that the bug you reported is fixed in the latest version of
pam-pkcs11, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1095...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Rousseau <rouss...@debian.org> (supplier of updated pam-pkcs11 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 08 Feb 2025 22:14:35 +0100
Source: pam-pkcs11
Architecture: source
Version: 0.6.13-1
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Rousseau <rouss...@debian.org>
Changed-By: Ludovic Rousseau <rouss...@debian.org>
Closes: 1095402
Changes:
pam-pkcs11 (0.6.13-1) unstable; urgency=medium
.
* New upstream release
* Fix "CVE-2025-24531" by the new upstream version (Closes: #1095402)
* Fix "CVE-2025-24032" by the new upstream version
* Remove d/patches/1_pam*: included upstream
* d/control: fix build-depends-on-obsolete-package
* d/control: upgrade Standards-Version: 4.6.2 -> 4.7.0. No change needed.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---