Please merge cron(3.0pl1-106)(main) from debian unstable(main)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cron (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: cron
Debian has a new version to be merged
cron (3.0pl1-106) unstable; urgency=high

  * SECURITY UPDATE: cron does not check the return code of setgid() and
    initgroups(), which under certain circumstances could cause
    applications to run with elevated group privileges. Note that the more
    serious issue of not checking the return code of setuid() was fixed already
    in 3.0pl1-64. (Closes: #528434)
    - do_command.c: check return code of setgid() and initgroups()
    - This fixes (hopefully completely) CVE-2006-2607
  * crontab.c:
    - close the temporary file after it is edited and
      before calling cleanup_
      mounted / (Closes: #413962)
    - if crontab is run without argument then it will read stdin to replace
      the users crontab. This way it is POSIXLY_CORRECT. More information at
      http://
      (Closes: #514062)
  * crontab.5 :
    - Add details about multiple recipients in MAILTO (LP: #235464)
      (Closes: #502650)
    - Indicate that it also reads environment from /etc/environment
    - Substitute ATT for AT&T (Closes: #405474)
  * Proper fix for PAM configuration to make cron read the system
    environment (Closes: #511684)
  * debian/cron.init:
    - Add support for 'status' in the init.d (Closes: #514721)
    - Use 'cron' instead of 'crond' (Closes: #497699)
  * Change lockfile-progs from Suggests: to Recommends: and remove wording
    related to dselect, which is no longer relevant (Closes: #452460, #468262)
  * Change the (outdated) wording of the description based on an example
    provided by Justin B Rye (Closes: 485452)
  * Change the postinst so that update-rc.d is only run if /etc/init.d/cron is
    executable (Closes: #500610)

 -- Javier Fernandez-Sanguino Pen~a <email address hidden> Wed, 13 May 2009 01:05:41 +0200
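The SECURITY UPDATE entry above, illustrated with an added example that is not cron's do_command.c and not code from this bug report. The `id_ops` table, the simulated credential functions, `job_gid`, and the user "alice" with uid/gid 1000 are hypothetical, constructed so the failure path runs without root.

```c
/* Added example, not cron's do_command.c. The credential calls are injected
 * through a table (hypothetical) so the failure path runs without root. */
#include <stdio.h>
#include <sys/types.h>

struct id_ops {
    int (*setgid)(gid_t);
    int (*initgroups)(const char *, gid_t);
    int (*setuid)(uid_t);
};

/* Simulated process state (constructed; stands in for the kernel). */
static gid_t cur_gid;
static int fail_group_calls;   /* when set, setgid() and initgroups() fail */

static int sim_setgid(gid_t g) { if (fail_group_calls) return -1; cur_gid = g; return 0; }
static int sim_initgroups(const char *u, gid_t g) { (void)u; (void)g; return fail_group_calls ? -1 : 0; }
static int sim_setuid(uid_t u) { (void)u; return 0; }
static const struct id_ops sim_ops = { sim_setgid, sim_initgroups, sim_setuid };

/* Pattern the changelog describes: setuid() checked, the group calls not. */
static int drop_unchecked(const struct id_ops *o, const char *user, uid_t uid, gid_t gid)
{
    o->setgid(gid);
    o->initgroups(user, gid);
    return o->setuid(uid) != 0 ? -1 : 0;
}

/* Checked pattern: group, supplementary groups, then uid; stop on any failure. */
static int drop_checked(const struct id_ops *o, const char *user, uid_t uid, gid_t gid)
{
    if (o->setgid(gid) != 0) return -1;
    if (o->initgroups(user, gid) != 0) return -1;
    return o->setuid(uid) != 0 ? -1 : 0;
}

/* Returns the gid the job would run with, or -1 if the job is refused. */
long job_gid(int checked, int group_calls_fail)
{
    cur_gid = 0; fail_group_calls = group_calls_fail;   /* daemon starts with gid 0 */
    int rc = checked ? drop_checked(&sim_ops, "alice", 1000, 1000)
                     : drop_unchecked(&sim_ops, "alice", 1000, 1000);
    return rc == 0 ? (long)cur_gid : -1;
}

int main(void)
{
    printf("unchecked, group calls fail: job gid %ld\n", job_gid(0, 1));
    printf("checked,   group calls fail: job gid %ld\n", job_gid(1, 1));
    return 0;
}
```

With the group calls failing, the unchecked variant lets the job proceed with the daemon's gid 0, while the checked variant refuses to run it.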
Sorry, James Strandboge already merged this one.