Hi Christian, hi all,

On Sun 17 Mar 2019 21:40:24 CET, Christian Kastner wrote:

> On 17.03.19 21:31, Christian Kastner wrote:
>> debdiff attached.
>
> Sorry, I noticed too late that the fix for CVE-2017-9525 was incomplete, it
> needed another cherry-pick.
>
> Corrected debdiff attached, and commit pushed to wip/jessie.
>
> Regards,
> Christian

I just uploaded this second .debdiff with some slight changes to jessie-security. DLAnnouncement will come in a minute.

Thanks for your work on cron for Debian jessie LTS.

Mike

--
mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net
--- cron.deb8u2.debdiff 2019-03-21 20:36:41.432413610 +0100
+++ cron_3.0pl1-127+deb8u1_deb8u2.debdiff 2019-03-21 20:47:11.121917940 +0100
@@ -108,7 +108,7 @@
--- cron-3.0pl1/debian/NEWS
+++ cron-3.0pl1/debian/NEWS
@@ -1,3 +1,13 @@
-+cron (3.0pl1-127+deb8u2) unstable; urgency=medium
++cron (3.0pl1-127+deb8u2) jessie-security; urgency=medium
+
+ * As a reasonable protective measure, crontabs are now limited to 1000 lines
+ in length per crontab.
@@ -124,9 +124,10 @@
diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog
--- cron-3.0pl1/debian/changelog
+++ cron-3.0pl1/debian/changelog
-@@ -1,3 +1,29 @@
+@@ -1,3 +1,33 @@
+cron (3.0pl1-127+deb8u2) jessie-security; urgency=medium
+
++ [ Christian Kastner ]
+ * SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open
+ If these files exist, then they must be readable by the user executing
+ crontab(1). Users will now be denied by default if they aren't.
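Review bot: The changelog context at the end of this hunk records a fail-closed behaviour change (users are denied when /etc/cron.allow or /etc/cron.deny exists but cannot be read by the user running crontab(1)), yet the only debian/NEWS text visible in this interdiff covers the 1000-line limit. If NEWS does not already mention it, add an item telling admins to check that these files are readable by the users who should keep crontab access, since a restrictive mode on either file will lock those users out after the upgrade.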
@@ -149,7 +150,10 @@
+ (CVE-2017-9525)
+ * Add d/NEWS altering to the new 1000 lines limit.
+
-+ -- Christian Kastner <ckk@debian.org> Sun, 17 Mar 2019 14:12:24 +0100
++ [ Mike Gabriel ]
++ * debian/NEWS: Fix <distribution> from unstable to jessie-security.
++
++ -- Mike Gabriel <sunweaver@debian.org> Thu, 21 Mar 2019 20:43:10 +0100
+
cron (3.0pl1-127+deb8u1) jessie; urgency=medium
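Review bot: In the context line "* Add d/NEWS altering to the new 1000 lines limit.", "altering" reads as a typo for "alerting"; since the changelog entry is being edited anyway to add the "[ Mike Gabriel ]" section, correct the wording in the same upload. The inner hunk header bump from "+1,29" to "+1,33" matches the net four lines this interdiff adds to the changelog (five added, one removed), so no further adjustment is needed there.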