From: Karel Zak <kzak@redhat.com>
Date: Mon, 24 Aug 2015 09:40:19 +0000 (+0200)
Subject: docs: add hint about chfn & chsh bug and thanks to qualys
X-Git-Tag: v2.27-rc2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9;p=thirdparty%2Futil-linux.git

docs: add hint about chfn & chsh bug and thanks to qualys

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/Documentation/releases/v2.27-ReleaseNotes b/Documentation/releases/v2.27-ReleaseNotes
index d537f7ef61..91a26c0197 100644
--- a/Documentation/releases/v2.27-ReleaseNotes
+++ b/Documentation/releases/v2.27-ReleaseNotes
@@ -57,6 +57,14 @@ RTC_ALM_READ and RTC_ALM_SET fallbacks any more.
 The util-linux code is possible rebuild with --disable-assert now.
 
 
+Security issues
+---------------
+
+CVE-2015-5224 - chfn, chsh file name collision due to incorrect mkstemp use if
+                compiled without libuser.
+                [thanks to Qualys Security Advisory team; qualys.com]
+
+
 Stable maintenance releases between v2.26 and v2.27
 ---------------------------------------------------