Accepted cron 3.0pl1-128+deb9u2 (source) into oldoldstable



Format: 1.8
Date: Fri, 29 Oct 2021 23:04:48 +0300
Source: cron
Binary: cron
Architecture: source
Version: 3.0pl1-128+deb9u2
Distribution: stretch-security
Urgency: medium
Maintainer: Javier Fernández-Sanguino Peña <jfs@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 cron       - process scheduling daemon
Closes: 809167
Changes:
 cron (3.0pl1-128+deb9u2) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
 .
   [ Christian Kastner ]
   * SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open
     If these files exist, then they must be readable by the user executing
     crontab(1). Users will now be denied by default if they aren't.
     (LP: #1813833)
   * SECURITY: Fix for possible DoS by use-after-free
     A user reported a use-after-free condition in the cron daemon, leading to a
     possible Denial-of-Service scenario by crashing the daemon.
     (CVE-2019-9706) (Closes: #809167)
   * SECURITY: DoS: Fix unchecked return of calloc()
     Florian Weimer discovered that a missing check for the return value of
     calloc() could crash the daemon, which could be triggered by a very
     large crontab created by a user. (CVE-2019-9704)
   * Enforce maximum crontab line count of 10000 to prevent a malicious user
     from creating an excessively large crontab. The daemon will log a warning
     for existing files, and crontab(1) will refuse to create new ones.
     (CVE-2019-9705)
   * SECURITY: group crontab to root escalation
     via postinst as described by Alexander Peslyak (Solar Designer) in
     http://www.openwall.com/lists/oss-security/2017/06/08/3
     (CVE-2017-9525)
   * Add d/NEWS alerting to the new 10000 lines limit.