diff options
| author | Damien Miller <djm@mindrot.org> | 2008-07-09 20:54:05 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-07-09 20:54:05 +1000 |
| commit | 773a7b98f9d4e0767dfdd270a339e9f31ca4edea (patch) | |
| tree | a05f6443bb1691edc6140d65af6b0db73c89ccc6 /ChangeLog | |
| parent | d9648eee7cacf633c79ad0f50d7e3215200d2920 (diff) | |
- (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
account check failure path. The vulnerable format buffer is supplied
from PAM and should not contain attacker-supplied data.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 5 |
1 files changed, 4 insertions, 1 deletions
| @@ -1,5 +1,8 @@ | |||
| 1 | 20080709 | 1 | 20080709 |
| 2 | - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass | 2 | - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass |
| 3 | - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM | ||
| 4 | account check failure path. The vulnerable format buffer is supplied | ||
| 5 | from PAM and should not contain attacker-supplied data. | ||
| 3 | 6 | ||
| 4 | 20080705 | 7 | 20080705 |
| 5 | - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed | 8 | - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed |
| @@ -4598,4 +4601,4 @@ | |||
| 4598 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 4601 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 4599 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 4602 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 4600 | 4603 | ||
| 4601 | $Id: ChangeLog,v 1.5066 2008/07/08 14:21:12 djm Exp $ | 4604 | $Id: ChangeLog,v 1.5067 2008/07/09 10:54:05 djm Exp $ |