Comment 17 for bug 1729357

I had a preliminary patch written, but it was getting quite complicated (shadow's codebase is much more complicated than I expected -- and the /etc/subgid parsing code is intertwined with the parsing code for all of the other /etc/... files). I am working on it though.

I've also email the SUSE Security team about getting a CVE assigned, though I'm not sure if it's better that we get it assigned or that the Ubuntu folks get it assigned.