On Thu, 25 Jun 2015 22:33:21 +0200 Salvatore Bonaccorso <car...@debian.org> wrote: > CVE-2015-3238[0]: > DoS/user enumeration due to blocking pipe in pam_unix module
Just a friendly ping; any movement towards fixing or at least investigating this vuln? This package is part of minbase, so IMO it looks a little strange to have even something as low as a CVSS 5.8 still pending a maintainer response (even just a "naw, this isn't a problem and won't be fixed"). Is it a matter of crafting a patch with the upstream fix? (I'm willing to try my hand at doing so if it'd be helpful.) ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
