[Bug 2006073] [NEW] PAM: CVE-2022-28321 patch not correctly applied
Nishit Majithia
2006073 at bugs.launchpad.net
Mon Feb 6 03:04:35 UTC 2023
Public bug reported:
In the latest update for PAM, the patch was added to "debian/patches"
instead of "debian/patches-applied" where all other PAM patches reside.
pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
access.conf
- CVE-2022-28321
-- Nishit Majithia <nishit.majithia at canonical.com> Tue, 24 Jan 2023
17:15:43 +0530
While building, it picks up all patches from debian/patches-applied but not
debian/patches. The build passes but the CVE fix is not applied.
** Affects: pam (Ubuntu)
Importance: Undecided
Assignee: Nishit Majithia (0xnishit)
Status: New
** Changed in: pam (Ubuntu)
Assignee: (unassigned) => Nishit Majithia (0xnishit)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2006073
Title:
PAM: CVE-2022-28321 patch not correctly applied
Status in pam package in Ubuntu:
New
Bug description:
In the latest update for PAM, the patch was added to "debian/patches"
instead of "debian/patches-applied" where all other PAM patches
reside.
pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
access.conf
- CVE-2022-28321
-- Nishit Majithia <nishit.majithia at canonical.com> Tue, 24 Jan 2023
17:15:43 +0530
While building, it picks up all patches from debian/patches-applied but not
debian/patches. The build passes but the CVE fix is not applied.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2006073/+subscriptions
More information about the foundations-bugs
mailing list