[Secure-testing-commits] r43450 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 25 12:58:25 UTC 2016
Author: carnil
Date: 2016-07-25 12:58:25 +0000 (Mon, 25 Jul 2016)
New Revision: 43450
Modified:
data/CVE/list
Log:
Add references for shadow issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-25 12:37:34 UTC (rev 43449)
+++ data/CVE/list 2016-07-25 12:58:25 UTC (rev 43450)
@@ -344,9 +344,11 @@
CVE-2016-6252 [incorrect integer handling]
RESERVED
- shadow <unfixed> (bug #832170)
+ NOTE: https://github.com/shadow-maint/shadow/issues/27
CVE-2016-6251 [potentially unsafe use of getlogin]
RESERVED
- shadow <unfixed> (unimportant)
+ NOTE: https://github.com/shadow-maint/shadow/issues/28
NOTE: The use of getlogin in shadow is safe, it is only used to diferentiate
NOTE: the user if there are multiple users with the same uid -> same privileges
NOTE: anyway. Cf. http://seclists.org/oss-sec/2016/q3/120
More information about the Secure-testing-commits
mailing list