On Sat, 23 Jul 2016 11:24:58 -0500 "Douglas R. Reno" <[email protected]> wrote:
> Bruce Dubbs wrote: > > I can find no description for this vulnerability. The links just say > > that the Debian version is vulnerable and unfixed. Looking at Mitre, > > they just say the CVE entry is reserved. > > > > Without any detail, there is nothing we can do. > > > > RedHat does say the vulnerabilty is 'local' > > > > I did find this: > > > > http://seclists.org/oss-sec/2016/q3/115 > > > > -- Bruce > > > The CVE will remain reserved as long as a company like Novell (SuSE) or > RedHat feels like it. There is no policy on that. There are several that > have been released publicly that still say reserved thanks to the > actions of those companies. Canonical is probably the same way. See the > emails I forwarded privately for patches and such. I don't think Mailman > would approve of me forwarding all 7 of them at one time. > Hello Douglas, Thank you for the Shadow resources. I've also been watching the pkg-shadow-devel list for a long time. There are many updates since the last Shadow release, and a new maintainer is also in the mix. They are planning a Shadow 4.3 release which fixes a lot of issues. Be on the lookout for it in a few weeks/months. The release has been slow moving. Please review changes at https://github.com/shadow-maint/shadow Sincerely, William Harrington -- William Harrington <[email protected]> -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
