Bug#212463: marked as done (pam security problem in OpenSSH again?)
On Tue, Sep 23, 2003 at 05:07:29PM -0400, Matt Zimmerman wrote:
> On Tue, Sep 23, 2003 at 05:00:07PM -0400, Brian Ristuccia wrote:
> > Looks like there's some serious security problem in the PAM implementation.
> > There's been a lot of changes in this area after 1.3.6, so it's not clear if
> > the version Debian is distributing are affected. Someone, either the
> > security team or the package maintainer, should have a look.
> >
> > http://www.securityfocus.com/archive/121/338616
> > http://www.securityfocus.com/archive/121/338617
>
> Doesn't affect Debian at all; stable, testing or unstable.
Quite so. No PAM patches were ever taken from 3.7 into Debian 3.6.1,
because the codebases differed too much.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: