Ubuntu
pam-pgsql package

  1. Bug #242690
  2. Comment #8

Comment 8 for bug 242690

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pam-pgsql - 0.6.3-0ubuntu1.8.04.1

---------------
pam-pgsql (0.6.3-0ubuntu1.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: local users may bypass authentication and gain
    privileges by sending <CTRL-C> at the password prompt.
  * pam_pgsql.c: applied Debian patch to fix operator precedence
    (Fixes LP: #242690)
  * pam_get_service.c: applied Debian patch from 0.6.3-2 to fix FTBFS
  * References
    CVE-2008-2516
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441679

 -- Thierry Carrez <email address hidden> Wed, 25 Jun 2008 21:04:24 +0200