Comment # 6 on bug 1209238 from 
I'm done with the audit.

lastlog2 implements a PAM session interface that logs user information to a
world-readable sqlite3 database. An accompanying binary /usr/bin/lastlog2
parses this information. The latter also includes an import feature to migrate
old lastlog files.

The only finding (CWE-89) was discovered in the PAM part of the package:
https://bugzilla.suse.com/show_bug.cgi?id=1209587
Upstream addressed this promptly and correctly already,
so there's nothing in the way of a whitelisting.

You are receiving this mail because: