Changelog for pam_ldap-183-1tr.i586.rpm :
Fri Nov 3 13:00:00 2006 Nived Gopalan 183-1tr
- New upstream.
- SECURITY Fix: Steve Rigler has reported a security issue which
can be exploited by malicious people to bypass certain security
restrictions. The issue is caused due to an error within the
handling of \"PasswordPolicyResponse\" control messages when
authenticating against an LDAP server. This causes the
\"pam_authenticate()\" function to always succeed, even if the
previous authentication failed.

The common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2006-5170 to this issue.

Thu Jun 30 14:00:00 2005 Ajith Thampi 175-2tr
- Fix, pam_ldap when connecting to a slave using TLS, does not use TLS for
the subsequent connection if the client is referred to a master, which
causes a password to be sent in cleartext and allows remote attackers to
sniff the password. (CAN-2005-2069)

Mon Sep 27 14:00:00 2004 Nageswara Sastry 175-1tr
- Upgraded to version 175-1tr from 166-3tr

Thu Dec 11 13:00:00 2003 Erlend Midttun 166-1tr
- New upstream.

Fri Aug 1 14:00:00 2003 Erlend Midttun 164-3tr
- Changed description to something sane.

Wed Jun 18 14:00:00 2003 Erlend Midttun 164-2tr
- Big rebuild

Tue Jun 17 14:00:00 2003 Chr. Toldnes 164-1ct
- split ldap.conf into separate package.
- Removed all but one CL-entry
- based on work by Joe Little

Mon Jan 8 13:00:00 2001 Joe Little
- first PAM_LDAP specific RPM, stolen from the previously maintained nss_ldap