From 6fe71fc2e850f0bdc6199e3cb209d75cfd944dc9 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Mon, 24 Aug 2015 11:40:19 +0200
Subject: docs: add hint about chfn & chsh bug and thanks to qualys

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 Documentation/releases/v2.27-ReleaseNotes | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Documentation/releases')

diff --git a/Documentation/releases/v2.27-ReleaseNotes b/Documentation/releases/v2.27-ReleaseNotes
index d537f7ef6..91a26c019 100644
--- a/Documentation/releases/v2.27-ReleaseNotes
+++ b/Documentation/releases/v2.27-ReleaseNotes
@@ -57,6 +57,14 @@ RTC_ALM_READ and RTC_ALM_SET fallbacks any more.
 The util-linux code is possible rebuild with --disable-assert now.
 
 
+Security issues
+---------------
+
+CVE-2015-5224 - chfn, chsh file name collision due to incorrect mkstemp use if
+                compiled without libuser.
+                [thanks to Qualys Security Advisory team; qualys.com]
+
+
 Stable maintenance releases between v2.26 and v2.27
 ---------------------------------------------------
 
-- 
cgit v1.2.3-55-g7522