-
cron (3.0pl1-128.1ubuntu1.2) bionic-security; urgency=medium
* SECURITY REGRESSION: CVE-2017-9525 regression (LP: #1971895)
- debian/postinst: add tab_name emptiness check
- https://salsa.debian.org/debian/cron/-/commit/23047851
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 10 May 2022 17:59:19 -0300
-
cron (3.0pl1-128.1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: privilege escalation in postinst script
- Add sanity checks over the entries in spool directory and
set up owner and group accordingly in debian/postinst
- CVE-2017-9525
* SECURITY UPDATE: denial of service via large file
- Add sanity check in case of running out of memory when
parsing the file in entry.c
- CVE-2019-9704
* SECURITY UPDATE: denial of service via large file
- Add sanity check to ensure that no more than 1000 lines of
length are allowed in crontabs in cron.h, crontab.c and
user.c.
- CVE-2019-9705
* SECURITY UPDATE: denial of service by use-after-free
- Add return values when there is no memory available
in database.c
- CVE-2019-9706
-- David Fernandez Gonzalez <email address hidden> Fri, 29 Apr 2022 11:16:53 +0200
-
cron (3.0pl1-128.1ubuntu1) bionic; urgency=low
* Merge with Debian; remaining changes:
- debian/control:
+ Move MTA to Suggests field.
- d/cron.default: change to a deprecated message to make it clear
that the file is no longer in use.
- Drop upstart system jobs.
- Add debian/cron.preinst: Handle /etc/init.d/cron symlink → real file
transition on upgrades.
cron (3.0pl1-128.1) unstable; urgency=medium
* Non-maintainer upload.
* Properly transition system jobs to system_cronjob_t SELinux context and
stop relying on refpolicy specific identifiers (Closes: #857662)
-- Dimitri John Ledkov <email address hidden> Thu, 16 Nov 2017 05:29:19 +0000
-
cron (3.0pl1-128ubuntu5) artful; urgency=medium
* Fix typo.
-- Dimitri John Ledkov <email address hidden> Mon, 21 Aug 2017 00:54:10 +0100
