[Touch-packages] [Bug 2006073] Re: PAM: CVE-2022-28321 patch not correctly applied

Nishit Majithia Sun, 05 Feb 2023 22:20:34 -0800

Package Information:
  https://launchpad.net/ubuntu/+source/pam/1.5.2-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.3
  https://launchpad.net/ubuntu/+source/pam/1.3.1-5ubuntu4.6
  https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu2.18.04.6



** Changed in: pam (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2006073

Title:
  PAM: CVE-2022-28321 patch not correctly applied

Status in pam package in Ubuntu:
  Fix Released

Bug description:
  In the latest update for PAM, the patch was added to "debian/patches"
  instead of "debian/patches-applied" where all other PAM patches
  reside.

  pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium

    * SECURITY UPDATE: authentication bypass vulnerability
      - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
        access.conf
      - CVE-2022-28321

   -- Nishit Majithia <[email protected]>  Tue, 24 Jan 2023
  17:15:43 +0530

  While building, it picks up all patches from debian/patches-applied but not
  debian/patches. The build passes but the CVE fix is not applied.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2006073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2006073] Re: PAM: CVE-2022-28321 patch not correctly applied

Reply via email to