I can find no description for this vulnerability. The links just say that
the Debian version is vulnerable and unfixed. Looking at Mitre, they just
say the CVE entry is reserved.
Without any detail, there is nothing we can do.
RedHat does say the vulnerabilty is 'local'
I did find this:
http://seclists.org/oss-sec/2016/q3/115
-- Bruce
William Harrington wrote:
From pkg-shadow dev mailing list:
Source: shadow
Version: 1:4.1.5.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for shadow.
CVE-2016-6252[0]:
incorrect integer handling
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6252
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
