Pam security alert

https://linuxsecurity.com/advisories/archlinux?start=5 issued an alert on 17.12.2020 about “… package pam before version 1.5.0-2 is vulnerable to authentication bypass.” This package pam version 1.5.0-1 is now in Manjaro official core sources. Removing this pam package from the PC requires removing many other substantial packages.

Is there any info about a fix for this vulnerability in pam?

It's an update.
The fixed version (1.5.0-2) is in Testing and Unstable Branches.
It will hit Stable soon.

Manjaro - Branch Compare

Please let's not have -yet another- thread about how the branches work or ‘why isn't package X the latest’ ad nauseam …

PS … if you just read the posting you linked to … it's pretty clear this is not an imminent threat … it requires root to have an empty password:

The issue can be mitigated by setting a non-empty password for the root
user.

2 Likes

In the advisory page you mentioned it says:

The issue can be mitigated by setting a non-empty password for the root
user.

So please don’t try to remove pam.

Also as mentioned above, please see this.

1 Like
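
The mitigation quoted above can be checked locally. This is an added example, not part of any post in this thread: it reads a shadow-format file to see whether root's password field is empty and compares a pam version string against the fixed 1.5.0-2; the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print the state of root's password field in a shadow(5)-format file:
# empty (no password needed), locked (starts with ! or *), set, or missing.
root_pw_state() {
    awk -F: '
        $1 == "root" && !found {
            found = 1
            if ($2 == "")          state = "empty"
            else if ($2 ~ /^[!*]/) state = "locked"
            else                   state = "set"
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# Succeed if version $1 is at or after 1.5.0-2, the fixed version named in the
# advisory. sort -V (GNU coreutils) approximates pacman's version ordering.
pam_is_fixed() {
    fixed="1.5.0-2"
    [ "$(printf '%s\n%s\n' "$fixed" "$1" | sort -V | head -n 1)" = "$fixed" ]
}

# $1: installed pam version (e.g. from `pacman -Q pam`), $2: shadow-format file.
assess() {
    state=$(root_pw_state "$2")
    if pam_is_fixed "$1"; then
        echo "ok: pam $1 includes the fix"
    elif [ "$state" = "empty" ]; then
        echo "exposed: pam $1 and root has an empty password; set one with passwd"
    else
        echo "mitigated: pam $1, root password is $state; update when 1.5.0-2 reaches your branch"
    fi
}

# Constructed sample standing in for /etc/shadow (the real file needs root to read).
sample=$(mktemp)
printf '%s\n' 'root::18600:0:99999:7:::' 'alice:$6$constructed$hash:18600:0:99999:7:::' > "$sample"
assess 1.5.0-1 "$sample"
rm -f "$sample"
```

On a live system, run `assess` as root with the version reported by `pacman -Q pam` and `/etc/shadow` as the file.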

haha and I just got around to reading the thing instead of giving the standard response :stuck_out_tongue_winking_eye:

Your posts almost seem like a GIF sometimes. The edits. :grin:

1 Like

@cscs @emke Thank you for your replies, info and advice!