Accepted libpam4j 1.4-2+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 Nov 2017 18:22:33 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libpam4j-java - Java binding for libpam.so
libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
libpam4j (1.4-2+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-12197 (Closes: #879001):
It was discovered that libpam4j does not call pam_acct_mgmt().
As a consequence, the PAM account is not properly
verified. Any user with a valid password but with deactivated or
disabled account was able to log in.
Checksums-Sha1:
38444a2fefe56f6cabc4dd567f4efe54e2fe4554 2288 libpam4j_1.4-2+deb9u1.dsc
1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz
07264c172fb3c2a3d38dc1fe20de7971f5600925 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz
0f865e8ae403483ef7c43b1f62cf4b7e776cdb8b 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb
fa5629353cf55dcb7314e6db74305ccd20e5266d 14700 libpam4j-java_1.4-2+deb9u1_all.deb
593a7e896bf0502374707fbed462a0bb6fb27c7e 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
07dcae78f87e001357eb2069e2d15e507bdb549d286c6fca9c7d5c72445d0028 2288 libpam4j_1.4-2+deb9u1.dsc
83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 libpam4j_1.4.orig.tar.gz
4b6e024b12ce4d74df81629232a3d141a3d04686c0c970b26169c25235f9a79e 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz
4d5c2f6cbb0343f716c8c7c9624b51af67e5c3b913a4b1417e8e6eca9827b42d 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb
0ef43ba693ad70971831067cb2cee8bc468a62ce39082cd85ee1ad99a230a293 14700 libpam4j-java_1.4-2+deb9u1_all.deb
b5f52537fe8ef42151ed910e7ba2ec2e319653b64c8ddb847d00606dff238b79 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo
Files:
91e2e8ec5d74c90ad95de50993d04428 2288 java optional libpam4j_1.4-2+deb9u1.dsc
20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz
600f666da593a215305beb5b7b39639d 4972 java optional libpam4j_1.4-2+deb9u1.debian.tar.xz
9d048975b9c086de3f4783f563f8ad70 24244 doc optional libpam4j-java-doc_1.4-2+deb9u1_all.deb
d3262cc040d409901e683edaa870f90b 14700 java optional libpam4j-java_1.4-2+deb9u1_all.deb
1fb1f71ffbef837f868e93ed708c7aaf 15358 java optional libpam4j_1.4-2+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloB7ZdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk2UoQAJp9fN63hWiZb853UHStVM+sOgPL6f1fzV3V
+kJkIX+gN4kgvfx31FiUb6M0YSN+9qHfKOYuoAZ337blPoG+u/UpM6gVt+Px5Uuz
J91S37HNY93trSrd/wzaEF4hy9bzOJYlaM0yd0oGpAhN+lSuJYDqaxIW7kkckcRF
D9C8gdrVtJvfwi1/IuurMMLA4iIDb87bkPFZiDFoK+HSGyuMzuX0yHK4dIr8H+5N
5rncF32Cyr+G/SFQcYoAlRsCKTWamOrzp647BI6iA1VLuN8XW3rWoiOkTsZH09at
X23+Nuybn7q0Ro+fM7cEN7MvqbXGTLY6aKw1rKOOivvZwFCSCFXTStMeBPPNZm3I
0OuDfYEj3ERWNp7PwPIXgSMffxVl0riUsKlpbcPqRhPnnfCQuD2dLrQ1f4+CgTk2
tqRuKCgxs0LWvfB+mtnfjh5PAdYtAwIJwusKBc8bHTTUyZyWNH39S3dYWICcAXDf
HfmLvV9ZnvwVDNL29sQrkX63OiGRCxDb9pnO9OCw2f929zOwsHJQdJeV3S4Ql1F+
lWbx65cLt2OL/51XW1uD4xYu5Nun0tFLrxSwzXXBZQsD1gL3Q9usUWYnNm5jB+xI
ItR5lYEKMMSFlgw3sEi5hqvsIxU0I5booKdOKZX0hXlLY0YVqs/jbhAM/bTQIfOd
5nQe4fSO
=6xcV
-----END PGP SIGNATURE-----