https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c6 --- Comment #6 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- I'm done with the audit. lastlog2 implements a PAM session interface that logs user information to a world-readable sqlite3 database. An accompanying binary /usr/bin/lastlog2 parses this information. The latter also includes an import feature to migrate old lastlog files. The only finding (CWE-89) was discovered in the PAM part of the package: https://bugzilla.suse.com/show_bug.cgi?id=1209587 Upstream addressed this promptly and correctly already, so there's nothing in the way of a whitelisting. -- You are receiving this mail because: You are on the CC list for the bug.