Diffstat (limited to 'debian/patches-applied/cve-2010-4708.patch')
-rw-r--r-- | debian/patches-applied/cve-2010-4708.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2010-4708.patch b/debian/patches-applied/cve-2010-4708.patch
new file mode 100644
index 00000000..10128284
--- /dev/null
+++ b/debian/patches-applied/cve-2010-4708.patch
@@ -0,0 +1,86 @@
+Description: fix cve-2010-4708: .pam_environment privilege issue
+Index: pam/modules/pam_env/pam_env.c
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.c
++++ pam/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+Index: pam/modules/pam_env/pam_env.8.xml
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.8.xml
++++ pam/modules/pam_env/pam_env.8.xml
+@@ -147,7 +147,7 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off.
+ </para>
+ </listitem>
+ </varlistentry>
+Index: pam/modules/pam_env/pam_env.8
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.8
++++ pam/modules/pam_env/pam_env.8
+@@ -2,12 +2,12 @@
+ .\" Title: pam_env
+ .\" Author: [see the "AUTHOR" section]
+ .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+-.\" Date: 09/19/2013
++.\" Date: 01/15/2014
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
+ .\" Language: English
+ .\"
+-.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual"
++.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -88,7 +88,7 @@
+ .PP
+ \fBuser_readenv=\fR\fB\fI0|1\fR\fR
+ .RS 4
+-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&.
++Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
+ .RE
+ .SH "MODULE TYPES PROVIDED"
+ .PP
+@@ -138,7 +138,7 @@
+ .PP
+ \fBpam_env.conf\fR(5),
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
++\fBpam\fR(7)\&.
+ .SH "AUTHOR"
+ .PP
+ pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
+Index: pam/modules/pam_env/README
+===================================================================
+--- pam.orig/modules/pam_env/README
++++ pam/modules/pam_env/README
+@@ -5,7 +5,7 @@
+ DESCRIPTION
+
+ The pam_env PAM module allows the (un)setting of environment variables.
+-Supported is the use of previously set environment variables as well as
++Supported is the use of previously set environment variables as well as
+ PAM_ITEMs such as PAM_RHOST.
+
+ By default rules for (un)setting of variables is taken from the config file /
+@@ -50,7 +50,7 @@
+ user_readenv=0|1
+
+ Turns on or off the reading of the user specific environment file. 0 is
+- off, 1 is on. By default this option is on.
++ off, 1 is on. By default this option is off.
+
+ EXAMPLES
+ |
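Review bot: The pam_env.c hunk only flips `DEFAULT_USER_READ_ENVFILE` to 0, so any service stack that passes `user_readenv=1` explicitly still reads the user-writable `.pam_environment`. The patch header should say so, and the packaged pam.d files are worth checking for that option, since none are visible on this page. I would extend the header to something like `Description: fix cve-2010-4708: user_readenv now defaults to 0; an explicit user_readenv=1 is still honoured` and add a provenance line such as `Origin: <upstream commit or bug URL>` so the fix can be traced. The pam_env.8 date bump, the `pam(8)` to `pam(7)` cross-reference and the whitespace-only README line look like regenerated churn unrelated to the CVE. They make the one security-relevant line harder to audit, so consider splitting them out.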