[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#812821: nmu: pam_1.1.8-3.1+deb8u1

On 26 January 2016 at 22:05, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> Is it just the manpage that's the issue? i.e. do the packages published
> as part of the point release include the actual security fix?

Yeah, it's just the manpage that's the issue.  Still using #812566 to
track down the _exact_ details, but the patch applied (and I verified
via the buildd log that it was indeed applied) changed both the source
and the man page source XML for the vuln -- as it turns out, there is
a static copy of the man page that also needed to be patched, but if
some set of conditions is met (likely some extra package being
installed at build time), the man page is instead generated from the
XML (as it really ought to be IMO).  This building-manpages-from-XML
happened for amd64 on my machine (since I figured I probably can't
source-only upload to pu's NEW), which is what caused the discrepancy.

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
Reply to: