[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] util-linux 2.29.2 fixes CVE-2017-2616
From:       Tobias_Stöckmann <tobias () stoeckmann ! org>
Date:       2017-02-23 18:10:51
Message-ID: a3beb7ec-c3e0-6506-cbbc-18a7f92eeca4 () stoeckmann ! org
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


Hello,

as I have discovered the issue, I can confirm that su of util-linux as
well as shadow are affected.

I have supplied patches to both maintainers and the shadow patch has
been pushed now, too.

The code shares a common origin but differs slightly, which in fact made
the patch for shadow a bit trickier.

But as the code bases are so close to each other, I don't think that it
takes another CVE-ID for this one.


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]