[Pkg-shadow-devel] [oss-security] Re: subuid security patches for shadow package
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 21 20:21:59 UTC 2016
Hi,
On Wed, Jul 20, 2016 at 11:48:52PM +0200, Nicolas François wrote:
> Hi,
>
> The first point looks like a non-issue to me.
>
> getlogin() is used to differentiate users with the same UID.
> The result of getlogin() is checked: if it returns a username that does not
> have the UID returned by getuid(), it will be ignored.
@MITRE CVE assignment team: This is for CVE-2016-6251. See above and
https://bugzilla.redhat.com/show_bug.cgi?id=1358622#c2 .
Should this CVE be REJECTED?
Regards,
Salvatore
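
The check described in the quoted reply, written out as an added example. This is not code from the shadow package or from either author; the function names `login_matches_uid` and `caller_pwent` are hypothetical. It treats the getlogin() result as a hint that is accepted only when its passwd entry carries the UID returned by getuid().

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* A name from getlogin() is only a hint: accept it only if the passwd
 * entry found for that name carries the real UID of the caller. */
static int login_matches_uid(const struct passwd *by_name, uid_t ruid)
{
    return by_name != NULL && by_name->pw_uid == ruid;
}

/* Resolve the caller's passwd entry (hypothetical helper).
 * login_hint is what getlogin() returned and may be NULL.
 * Returns NULL if the UID has no entry; result is libc static storage. */
static const struct passwd *caller_pwent(const char *login_hint, uid_t ruid)
{
    if (login_hint != NULL && login_hint[0] != '\0') {
        const struct passwd *pw = getpwnam(login_hint);
        if (login_matches_uid(pw, ruid))
            return pw;      /* confirmed: selects among names sharing the UID */
        /* hint names a different UID or no user at all: ignore it */
    }
    return getpwuid(ruid);  /* fall back to the UID alone */
}

int main(void)
{
    uid_t ruid = getuid();
    const char *hint = getlogin();  /* NULL without a controlling terminal */
    const struct passwd *pw = caller_pwent(hint, ruid);

    printf("getlogin() hint: %s\n", hint ? hint : "(none)");
    if (pw == NULL) {
        printf("no passwd entry for uid %lu\n", (unsigned long)ruid);
        return 1;
    }
    printf("resolved user: %s (uid %lu)\n", pw->pw_name, (unsigned long)pw->pw_uid);
    return 0;
}
```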