Subject: CVS commit: pkgsrc/www
From: Matthias Drochner
Date: 2011-11-28 16:26:26
Message id: 20111128152626.8A4F0175DD@cvs.netbsd.org

Log Message:
Don't allow '/' characters to be passed to pam_start() by the
PAM helper program. OpenPAM didn't check this, so it could be
tricked into reading arbitrary config files, allowing privilege
escalation.
Standard squid installations don't install the PAM helper SUID, but
depending on local needs, an administrator might choose to do so.
approved by pkg maintainer
bump PKGREV

Files:
RevisionActionfile
1.16modifypkgsrc/www/squid27/Makefile
1.10modifypkgsrc/www/squid27/distinfo
1.35modifypkgsrc/www/squid31/Makefile
1.32modifypkgsrc/www/squid31/distinfo
1.3addpkgsrc/www/squid27/patches/patch-am
1.4addpkgsrc/www/squid31/patches/patch-am