[lfs-dev] Bug#832170: shadow: CVE-2016-6252: Incorrect integer handling

Bruce Dubbs bruce.dubbs at gmail.com
Sat Jul 23 09:03:40 PDT 2016


I can find no description for this vulnerability.  The links just say that 
the Debian version is vulnerable and unfixed.  Looking at Mitre, they just 
say the CVE entry is reserved.

Without any detail, there is nothing we can do.

RedHat does say the vulnerability is 'local'.

I did find this:

http://seclists.org/oss-sec/2016/q3/115

   -- Bruce

William Harrington wrote:
>  From pkg-shadow dev mailing list:
>
> Source: shadow
> Version: 1:4.1.5.1-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for shadow.
>
> CVE-2016-6252[0]:
> incorrect integer handling
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-6252
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>


