[Pkg-shadow-devel] Bug#862806: /bin/su: Regression from CVE-2017-2616 fix: killing su does not kill subprocess
Salvatore Bonaccorso
carnil at debian.org
Wed May 17 10:42:26 UTC 2017
Package: login
Version: 1:4.4-4
Severity: serious
File: /bin/su
Tags: patch upstream security
Justification: regression
Forwarded: https://github.com/shadow-maint/shadow/pull/72
Hi
Filling this as severity serious (and thus RC) since a repvious
targetted fix for CVE-2017-2616 causes the regression.
Details:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1690820
Upstream pull-request:
https://github.com/shadow-maint/shadow/pull/72
Upstream fix:
https://github.com/shadow-maint/shadow/pull/72/commits/7d82f203eeec881c584b2fa06539b39e82985d97
Regards,
Salvatore
More information about the Pkg-shadow-devel
mailing list