Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
From: David Craven
Subject: Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
Date: Sun, 28 Aug 2016 22:21:46 +0200

> “XXX” is fine here, because it may be impossible for us to fix it.
Ah ok.
> I think this part should indeed be a separate patch. Also, Flex should
> be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.
Already realized it, and pushed to core-updates as
7483230f17880c1cd50d1de53496dc1ececebbb8
25d1b3107fc7ebdc155649722fc257f4dbc4b04a
and Leo already commented on a related security issue and is reverting
the second commit:
> For CVE-2016-6318, the disclosure message pointed out that if
> cracklib is compiled without the FORTIFY_SOURCE compiler flag, the bug
> can result in code execution and privilege escalation.