Bug#291558: marked as done (libapache2-mod-auth-pam: AuthPAM_FailDelay is ignored if passwd succeeds but require user fails)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 06 Jun 2013 06:45:42 +0000
with message-id <[🔎] E1UkTx8-0002rJ-6m@franck.debian.org>
and subject line Bug#710770: Removed package(s) from unstable
has caused the Debian Bug report #291558,
regarding libapache2-mod-auth-pam: AuthPAM_FailDelay is ignored if passwd succeeds but require user fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
291558: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291558
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libapache2-mod-auth-pam: AuthPAM_FailDelay is ignored if passwd succeeds but require user fails
• From: Marc Sherman <msherman@projectile.ca>
• Date: Fri, 21 Jan 2005 09:05:55 -0500
• Message-id: <E1CrzQB-0003N0-8M@pyloric.projectile.ca>

Package: libapache2-mod-auth-pam
Version: 1.1.1-4.1
Severity: normal
Tags: security

If a user does not have access to a location/directory due to a require
user directive that excludes them, and their password is correctly
given, apache returns an auth failure immediately instead of respecting
the AuthPAM_FailDelay directive.

An excluded/unauthorized user should be treated the same as a
non-existant user, or a bad password for a valid/authorized user.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages libapache2-mod-auth-pam depends on:
ii  apache2-common              2.0.52-3     Next generation, scalable, extenda
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 246222-done@bugs.debian.org,284863-done@bugs.debian.org,291558-done@bugs.debian.org,366401-done@bugs.debian.org,366411-done@bugs.debian.org,382382-done@bugs.debian.org,393342-done@bugs.debian.org,394097-done@bugs.debian.org,400984-done@bugs.debian.org,422651-done@bugs.debian.org,450387-done@bugs.debian.org,482397-done@bugs.debian.org,509197-done@bugs.debian.org,515995-done@bugs.debian.org,575009-done@bugs.debian.org,610455-done@bugs.debian.org,666809-done@bugs.debian.org,660221-done@bugs.debian.org,
• Cc: libapache2-mod-auth-pam@packages.debian.org, libapache2-mod-auth-pam@packages.qa.debian.org
• Subject: Bug#710770: Removed package(s) from unstable
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 06 Jun 2013 06:45:42 +0000
• Message-id: <[🔎] E1UkTx8-0002rJ-6m@franck.debian.org>

Version: 1.1.1-9+rm

Dear submitter,

as the package libapache2-mod-auth-pam has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/710770

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)

--- End Message ---