Bug#951396: marked as done (libpam-radius-auth: CVE-2015-9542)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 12 Jul 2020 14:32:18 +0000
with message-id <E1jud1e-0001Fh-08@fasolo.debian.org>
and subject line Bug#951396: fixed in libpam-radius-auth 1.4.0-3~deb10u1
has caused the Debian Bug report #951396,
regarding libpam-radius-auth: CVE-2015-9542
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
951396: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951396
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: libpam-radius-auth: CVE-2015-9542
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Sat, 15 Feb 2020 23:29:23 +0100
• Message-id: <158180576355.210331.6829993773585475992.reportbug@eldamar.local>

Source: libpam-radius-auth
Version: 1.4.0-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for libpam-radius-auth.

CVE-2015-9542[0]:
|buffer overflow in password field

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-9542
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9542
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1686980
[2] https://github.com/FreeRADIUS/pam_radius/commit/01173ec
    https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
    https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 951396-close@bugs.debian.org
• Subject: Bug#951396: fixed in libpam-radius-auth 1.4.0-3~deb10u1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sun, 12 Jul 2020 14:32:18 +0000
• Message-id: <E1jud1e-0001Fh-08@fasolo.debian.org>
• Reply-to: Salvatore Bonaccorso <carnil@debian.org>

Source: libpam-radius-auth
Source-Version: 1.4.0-3~deb10u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
libpam-radius-auth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 951396@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libpam-radius-auth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Jul 2020 21:24:48 +0200
Source: libpam-radius-auth
Architecture: source
Version: 1.4.0-3~deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 951396
Changes:
 libpam-radius-auth (1.4.0-3~deb10u1) buster; urgency=medium
 .
   * Rebuild for buster.
   * Revert packaging changes:
     - Lower Standards-Version to 4.2.0
     - Lower Debhelper compat level to 11
 .
 libpam-radius-auth (1.4.0-3) unstable; urgency=medium
 .
   * QA upload
   * Add patch to fix buffer overflow in password field.
     (Fixes: CVE-2015-9542) (Closes: #951396)
   * Bump Standards-Version to 4.5.0 and dh-compat to 12
Checksums-Sha1: 
 8fecf67673103d4283f82fad73b3b1c104300868 2034 libpam-radius-auth_1.4.0-3~deb10u1.dsc
 50a3c1f521effefa0b368960a6c2520ea44d1bb0 6348 libpam-radius-auth_1.4.0-3~deb10u1.debian.tar.xz
Checksums-Sha256: 
 6a7feb1fd677b7d979527668d2866a930ea97bd8945817026d631e9b7c1e25d6 2034 libpam-radius-auth_1.4.0-3~deb10u1.dsc
 5156941a6264c70c3b8f22c666c78001efabd345307d18f9d0d278ac895d32a1 6348 libpam-radius-auth_1.4.0-3~deb10u1.debian.tar.xz
Files: 
 220f5289c56d31be97f7bd1a847c77fa 2034 admin optional libpam-radius-auth_1.4.0-3~deb10u1.dsc
 5df9314a111a0dc0b7dbf558a48a7904 6348 admin optional libpam-radius-auth_1.4.0-3~deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8KqNtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ej68P/2HL6o5hmBCJvJ6jrW9w/ROz/DJoBGMf
6HsVYX+lFFQJqj9XErvHVM4Dl+nJ/Qq63l7GrGyFjAxdEHW2FKfzrZY9Fw4Ri9gz
yUUiU7ERBM1WswWdsHZf6ShLGMdvF56YC2dDnCIWLSBaNeHHdlJlP13Zl+Ky4/4t
TOwuBVSIKF41UdSX5kTd3f3dNuZqXVYPVLEk180q8+l9JztybkjBqTFrVBVYzmKl
cRrSd85UNuQUaSQfAck4JAjTEFfyIZoHDYhYPrZMjfQ1dslNgWDYLhkNdrGiAnRH
cAXFOgdAX4+YmM8QBrFQ24GwFIIln+1YRb9WdJCUEOr7YF3Sy+RgGQMxmWhG+8K4
Kie43E5feF7ZgzFLg7ialembluTVfU/NtJCLBR9whxpAxOyzBnaj4s+W6Lf8fJWr
hCo2WoZj01IuTkLAg5rLRy5XozUt+3GFlwi3Sf+93y1wfa7cAuoKLPuLhay9IHVm
aeX7GW1HHceKl0aGrZO/M2TKKszTSrOd+mjGmiXWPKAcynz53Lf43ruaPJIpRD8Q
tckcymr0SPaQkdqcUEKUVebIZVaKqh6Ot4j7EThwzWbbati3vlC32Gr3rxAIDplL
jTpax/y3o6wnVoltxrgnJGzFwj9Ut8ax7m3cEoWZylIhgN9susil1TTI7b9oCGFV
gx0pt5OkfmBS
=fMaV
-----END PGP SIGNATURE-----

--- End Message ---