[3.5] shadow: Several vulnerabilities (CVE-2016-6252, CVE-2017-2616)
CVE-2016-6252: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
CVE-2017-2616: su: properly clear child PID
Both patches were added to git master:
(from redmine: issue id 6943, created on 2017-02-27, closed on 2017-03-03)
- Revision 0d877346 by Henrik Riomar on 2017-02-28T14:40:15Z:
community/shadow: CVE-2016-6252 & CVE-2017-2616 Patches from Debian Jessie (1:4.2-3+deb8u3 & 1:4.2-3+deb8u2) fixes #6943 (cherry picked from commit e9a92d060e2e59ac087373af9b81546c2a761d07)