[Secure-testing-commits] r49036 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Feb 17 21:13:47 UTC 2017
Author: carnil
Date: 2017-02-17 21:13:47 +0000 (Fri, 17 Feb 2017)
New Revision: 49036
Modified:
data/CVE/list
Log:
CVE-2016-6251 got (correctly) rejected, since not an issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-17 21:11:47 UTC (rev 49035)
+++ data/CVE/list 2017-02-17 21:13:47 UTC (rev 49036)
@@ -26058,14 +26058,8 @@
[wheezy] - shadow <not-affected> (Vulnerable code not present)
NOTE: https://github.com/shadow-maint/shadow/issues/27
NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (4.3.1)
-CVE-2016-6251 [potentially unsafe use of getlogin]
+CVE-2016-6251
REJECTED
- - shadow <unfixed> (unimportant)
- NOTE: https://github.com/shadow-maint/shadow/issues/28
- NOTE: The use of getlogin in shadow is safe, it is only used to diferentiate
- NOTE: the user if there are multiple users with the same uid -> same privileges
- NOTE: anyway. Cf. http://seclists.org/oss-sec/2016/q3/120
- NOTE: This CVE should probably be rejected.
CVE-2016-6248
RESERVED
CVE-2016-1000029
More information about the Secure-testing-commits
mailing list