[lfs-dev] Bug#832170: shadow: CVE-2016-6252: Incorrect integer handling
bruce.dubbs at gmail.com
Sat Jul 23 09:03:40 PDT 2016
I can find no description for this vulnerability. The links just say that
the Debian version is vulnerable and unfixed. Looking at Mitre, they just
say the CVE entry is reserved.
Without any detail, there is nothing we can do.
RedHat does say the vulnerabilty is 'local'
I did find this:
William Harrington wrote:
> From pkg-shadow dev mailing list:
> Source: shadow
> Version: 1:126.96.36.199-1
> Severity: important
> Tags: security upstream
> the following vulnerability was published for shadow.
> incorrect integer handling
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2016-6252
> Please adjust the affected versions in the BTS as needed.
More information about the lfs-dev