summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2008-07-09 20:54:05 +1000
committerDamien Miller <djm@mindrot.org>2008-07-09 20:54:05 +1000
commit773a7b98f9d4e0767dfdd270a339e9f31ca4edea (patch)
treea05f6443bb1691edc6140d65af6b0db73c89ccc6 /ChangeLog
parentd9648eee7cacf633c79ad0f50d7e3215200d2920 (diff)
- (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
account check failure path. The vulnerable format buffer is supplied from PAM and should not contain attacker-supplied data.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog5
1 files changed, 4 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 726a613ae..6e6feb641 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
120080709 120080709
2 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass 2 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
3 - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
4 account check failure path. The vulnerable format buffer is supplied
5 from PAM and should not contain attacker-supplied data.
3 6
420080705 720080705
5 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed 8 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
@@ -4598,4 +4601,4 @@
4598 OpenServer 6 and add osr5bigcrypt support so when someone migrates 4601 OpenServer 6 and add osr5bigcrypt support so when someone migrates
4599 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 4602 passwords between UnixWare and OpenServer they will still work. OK dtucker@
4600 4603
4601$Id: ChangeLog,v 1.5066 2008/07/08 14:21:12 djm Exp $ 4604$Id: ChangeLog,v 1.5067 2008/07/09 10:54:05 djm Exp $