Util-linux-ng 2.13.1.1 Release Notes (22-Apr-2008)
==================================================

Fixed security issues:
---------------------

 - audit log injection attack. This bug allows attackers to write
   arbitrary characters to an audit log via a crafted username.

 The problem was originaly reported for OpenSSH few months ago
 (CVE-2007-3102). The login(1) is affected by the same bug when
 built with the option "--with-audit".

Changelog:
---------

 For more details see ChangeLog files at:
 ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/


login:
   - audit log injection attack via login  [Steve Grubb]
po:
   - merge changes  [Karel Zak]
   - update it.po (from translationproject.org)  [Marco Colombo]
   - update nl.po (from translationproject.org)  [Benno Schulenberg]