From 773a7b98f9d4e0767dfdd270a339e9f31ca4edea Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Jul 2008 20:54:05 +1000 Subject: - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM account check failure path. The vulnerable format buffer is supplied from PAM and should not contain attacker-supplied data. --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 726a613ae..6e6feb641 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 20080709 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass + - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM + account check failure path. The vulnerable format buffer is supplied + from PAM and should not contain attacker-supplied data. 20080705 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed @@ -4598,4 +4601,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5066 2008/07/08 14:21:12 djm Exp $ +$Id: ChangeLog,v 1.5067 2008/07/09 10:54:05 djm Exp $ -- cgit v1.2.3
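Review bot: The new ChangeLog entry under 20080709 names auth1.c and the "protocol 1 PAM account check failure path" but not the function or the logging call that was passed the PAM-supplied buffer as its format argument. Anyone backporting or auditing similar call sites has to open the auth1.c diff to find it, and this view is limited to ChangeLog. Consider naming the affected call in the entry. The closing sentence, "should not contain attacker-supplied data", also reads as an expectation about PAM modules rather than a guarantee. Since readers will use that line to judge exposure, it would help to say which it is, for example by stating that the message text originates from the PAM stack and that its content depends on the modules configured.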