Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Jul 2016 22:21:59 +0200
From: Salvatore Bonaccorso <>
To: "Eric W. Biederman" <>,
	Sebastian Krahmer <>,,,
	CVE Assignments MITRE <>
Subject: Re: Re: [Pkg-shadow-devel] subuid security patches
 for shadow package


On Wed, Jul 20, 2016 at 11:48:52PM +0200, Nicolas Fran├žois wrote:
> Hi,
> The first point looks like a non issue to me.
> getlogin() is used to differentiate users with the same UID.
> The result of getlogin() is checked: if it returns a username that do not
> have the UID returned by getuid(), it will be ignored.

@MITRE CVE assignment team: This is for CVE-2016-6251. See above and . 

Should this CVE be REJECTED?


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ