Bruce Dubbs wrote:
I can find no description for this vulnerability. The links just say
that the Debian version is vulnerable and unfixed. Looking at Mitre,
they just say the CVE entry is reserved.
Without any detail, there is nothing we can do.
RedHat does say the vulnerabilty is 'local'
I did find this:
http://seclists.org/oss-sec/2016/q3/115
-- Bruce
The CVE will remain reserved as long as a company like Novell (SuSE) or
RedHat feels like it. There is no policy on that. There are several that
have been released publicly that still say reserved thanks to the
actions of those companies. Canonical is probably the same way. See the
emails I forwarded privately for patches and such. I don't think Mailman
would approve of me forwarding all 7 of them at one time.
William Harrington wrote:
From pkg-shadow dev mailing list:
Source: shadow
Version: 1:4.1.5.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for shadow.
CVE-2016-6252[0]:
incorrect integer handling
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6252
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--
Douglas R. Reno
--LFS/BLFS systemd maintainer
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
