Re: Bug#306004: cron: CAN-2005-1038
On 23-Apr-05, 09:20 (CDT), Helge Kreutzmann <kreutzm@itp.uni-hannover.de> wrote:
> The report on http://lwn.net/Articles/132380/ (and in the CVE) states,
> that this problem only relates to version 4.1. If this is the case,
> then plase add CAN-2005-1038 to
>
> http://www.debian.org/security/nonvulns-woody
>
> and
>
> http://www.debian.org/security/nonvulns-sarge
I don't have any control over those pages. I've cc'd
debian-www@lists.debian.org: web folks: we're not vulnerable to this.
Anyway, this was fixed long ago, as a perusal of the changelog will
show:
cron (3.0pl1-62) unstable; urgency=medium
[*snip*]
* Protect against reading other people's crontabs via temp file symlink
in crontab -e.
-- Steve Greenland <stevegr@debian.org> Sat, 27 Jan 2001 17:01:43 -0600
As for the older CVE, a few minutes investigation shows that this was
fixed in -57.2, as per Debian DSA-024, back in potato days, thus it
doesn't belong on the woody or sarge nonvulns page.
Oh, and thanks to Mr. Gran for checking sarge and sid.
Steve
--
Steve Greenland
The irony is that Bill Gates claims to be making a stable operating
system and Linus Torvalds claims to be trying to take over the
world. -- seen on the net
Reply to: