[Secure-testing-commits] r43353 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 21 20:20:07 UTC 2016
Author: carnil
Date: 2016-07-21 20:20:07 +0000 (Thu, 21 Jul 2016)
New Revision: 43353
Modified:
data/CVE/list
Log:
Add notes for CVE-2016-6251, pinged MITRE about this CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-21 19:23:28 UTC (rev 43352)
+++ data/CVE/list 2016-07-21 20:20:07 UTC (rev 43353)
@@ -46,6 +46,10 @@
- shadow <unfixed>
CVE-2016-6251 [potentially unsafe use of getlogin]
- shadow <unfixed>
+ NOTE: The use of getlogin in shadow is safe, it is only used to diferentiate
+ NOTE: the user if there are multiple users with the same uid -> same privileges
+ NOTE: anyway. Cf. http://seclists.org/oss-sec/2016/q3/120
+ NOTE: This CVE should probably be rejected.
CVE-2016-6248
RESERVED
CVE-2016-1000029
More information about the Secure-testing-commits
mailing list