[Pkg-giraffe-maintainers] Bug#1016973: kopanocore: CVE-2022-26562
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 11 19:57:57 BST 2022
Hi Andreas,
On Thu, Aug 11, 2022 at 04:45:06PM +0200, Andreas Rönnquist wrote:
> To me it looks like the pam authenticator check miss a check with
> pam_acct_mgmt in addition to the pam_authenticate that is already
> there, see the attached patch.
>
> myproxy has similar code, and does a similar thing here:
>
> https://sources.debian.org/src/myproxy/6.2.14-2/auth_pam.c/?hl=227#L227
>
> (It checks first with pam_authenticate(), then with pam_acct_mgmt(),
> and would fail if account or password is expired).
Can you get in contact with upstream about it?
Regards,
Salvatore
More information about the Pkg-giraffe-maintainers
mailing list