Format: 1.8
Date: Fri, 22 Mar 2024 14:14:36 +0100
Source: libpve-access-control
Binary: libpve-access-control
Architecture: all
Version: 8.1.3
Distribution: bookworm
Urgency: medium
Maintainer: Proxmox Support Team <support@proxmox.com>
Changed-By: Proxmox Support Team <support@proxmox.com>
Description:
 libpve-access-control - Proxmox VE access control library
Changes:
 libpve-access-control (8.1.3) bookworm; urgency=medium
 .
   * user: password change: require confirmation-password parameter so that
     anybody gaining local or physical access to a device where a user is
     logged in on a Proxmox VE web-interface cannot give them more permanent
     access or deny the actual user accessing their account by changing the
     password. Note that such an attack scenario means that the attacker
     already has high privileges and can already control the resource
     completely through another attack.
     Such initial attacks (like stealing an unlocked device) are almost always
     are outside of the control of our projects. Still, hardening the API a bit
     by requiring a confirmation of the original password is to cheap to
     implement to not do so.
 .
   * jobs: realm sync: fix scheduled LDAP syncs not applying all attributes,
     like comments, correctly
Checksums-Sha1:
 a4045dc702f33546fcb67edbdf9cf1eee763a7d0 72124 libpve-access-control_8.1.3_all.deb
 f69c1657ad4df2055d926e0347bc32385f3aee82 13530 libpve-access-control_8.1.3_arm64.buildinfo
Checksums-Sha256:
 6e41712c585d279efcb1d5893f8d7e295712784fc746b1b2175c643af29cc167 72124 libpve-access-control_8.1.3_all.deb
 691ac069baafea04b3eebd3616dd6bc90b0418bf66a4e167ba3fbfeab3efe8d6 13530 libpve-access-control_8.1.3_arm64.buildinfo
Files:
 bd7c01ef1cb07dcdcdc57a06e1c0e254 72124 perl optional libpve-access-control_8.1.3_all.deb
 379ae6bed71007aeda26bcbc1f85cc4a 13530 perl optional libpve-access-control_8.1.3_arm64.buildinfo