I had a preliminary patch written, but it was getting quite complicated
(shadow's codebase is much more complicated than I expected -- and the
/etc/subgid parsing code is intertwined with the parsing code for all of
the other /etc/... files). I am working on it though.

I've also email the SUSE Security team about getting a CVE assigned,
though I'm not sure if it's better that we get it assigned or that the
Ubuntu folks get it assigned.

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  unprivileged user can drop supplementary groups

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to