CVE-2017-9525 in Debian Stretch stable release

To: debian-security@lists.debian.org
Subject: CVE-2017-9525 in Debian Stretch stable release
From: Vladyslav Cherednychenko <vladyslav.cherednychenko@aboutyou.com>
Date: Thu, 11 Jul 2019 17:21:38 +0200
Message-id: <[🔎] 1789BCBD-A8B2-4693-A7CC-C12FE181D7AB@aboutyou.com>

Dear Debian Security Team,

I noticed that the latest available cron package in the stable distribution of Debian Stretch is vulnerable to CVE-2017-9525:

https://security-tracker.debian.org/tracker/CVE-2017-9525

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864466

It seems like this issue has been known for a while now and fixed. Are there plans to include cron version 3.0pl1-129 to the stable release of Debian Stretch?

Regards,
Vladyslav Cherednychenko
Information Security Engineer

ABOUT YOU° GmbH
Domstraße 10
20095 Hamburg
Email: vladyslav.cherednychenko@aboutyou.de
Phone: +49 40 638 569 313
www.aboutyou.de

Reply to:

Follow-Ups:
- Re: CVE-2017-9525 in Debian Stretch stable release
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#931785: release-notes: bullseye: security suite renamed to bullseye-security (from buster/updates)
Next by Date: Re: CVE-2017-9525 in Debian Stretch stable release
Previous by thread: Bug#931785: release-notes: bullseye: security suite renamed to bullseye-security (from buster/updates)
Next by thread: Re: CVE-2017-9525 in Debian Stretch stable release
Index(es):
- Date
- Thread