On Thu, Feb 15, 2018 at 11:30 PM, Craig Furman <1729...@bugs.launchpad.net> wrote: > Thanks for the credit! I did highlight that the bug was in newgidmap in > my initial report, by the way.
No problem -- you found the issue after all. Sorry for getting the timeline wrong, did you want me to change the credits at all? It's your call. > Aleksa, thanks for asking for a CVE? How did you go about this? This is > new territory to me. You just submit the online form at https://cveform.mitre.org/. You can also go through the project if the project is registered with MITRE. (Canonical is registered for example, but since this bug affects all distributions and not just Ubuntu I felt it made more sense to just submit directly.) There didn't appear to be any way for me to add you to Cc in the form (I could only provide a single contact address), but I can forward the mails to you. -- Aleksa Sarai (cyphar) www.cyphar.com -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729357 Title: unprivileged user can drop supplementary groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
