add advisory for pam-bindings by MartinNowak · Pull Request #2771 · rustsec/advisory-db

MartinNowak · 2026-04-08T12:02:03Z

Depeneds on: rustsec/rustsec#1582

djc

Thanks for reporting! Should address the lint issue.

I've asked the maintainers to confirm they're okay with an advisory in

lvkv/pam-rs#16

MartinNowak · 2026-04-08T12:26:05Z

Should address the lint issue.

I'm having trouble with the crate name pam-bindings not matching the library name pam 🤔.

djc · 2026-04-08T13:11:32Z

Should address the lint issue.

I'm having trouble with the crate name pam-bindings not matching the library name pam 🤔.

Huh, that's a little annoying. Can you file an issue against the rustsec/rustsec repo?

MartinNowak · 2026-05-05T06:49:19Z

I've updated the advisory and commented out the affected function for now to unblock this @djc.

Hopefully the pragmatic approach can be merged rustsec/rustsec#1575 (comment), but that shouldn't block alerting PAM module implementations to check whether they are affected.

Thanksfully one module already implemented a workaround rado0x54/pam-ssh-agent-webauthn#14.

MartinNowak mentioned this pull request Apr 8, 2026

Unsound unsafe use in PamHandle::get_user lvkv/pam-rs#16

Closed

djc reviewed Apr 8, 2026

View reviewed changes

Comment thread crates/pam-bindings/RUSTSEC-0000-0000.md Outdated

MartinNowak force-pushed the pam-bindings branch 3 times, most recently from 2661a13 to 0f2af77 Compare April 8, 2026 12:25

MartinNowak force-pushed the pam-bindings branch from 0f2af77 to ee630bf Compare April 8, 2026 14:02

MartinNowak mentioned this pull request Apr 8, 2026

advisory linter requires affected functions to start with package rather than crate name rustsec/rustsec#1575

Open

MartinNowak force-pushed the pam-bindings branch from ee630bf to 05d08f2 Compare April 15, 2026 09:38

rado0x54 mentioned this pull request Apr 28, 2026

Track pam-bindings release-build bug — drop pam_get_user workaround once upstream is fixed rado0x54/pam-ssh-agent-webauthn#14

Open

add advisory for pam-bindings

ffa3eb1

MartinNowak force-pushed the pam-bindings branch from 05d08f2 to ffa3eb1 Compare May 5, 2026 06:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add advisory for pam-bindings#2771

add advisory for pam-bindings#2771
MartinNowak wants to merge 1 commit into
rustsec:mainfrom
MartinNowak:pam-bindings

MartinNowak commented Apr 8, 2026 •

edited

Loading

Uh oh!

djc left a comment

Uh oh!

Uh oh!

MartinNowak commented Apr 8, 2026

Uh oh!

djc commented Apr 8, 2026

Uh oh!

MartinNowak commented May 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

MartinNowak commented Apr 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

djc left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

MartinNowak commented Apr 8, 2026

Uh oh!

djc commented Apr 8, 2026

Uh oh!

MartinNowak commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

MartinNowak commented Apr 8, 2026 •

edited

Loading

MartinNowak commented May 5, 2026 •

edited

Loading