Format: 1.8
Date: Sun, 10 Mar 2019 17:49:18 +0100
Source: cron
Architecture: source
Version: 3.0pl1-133
Distribution: unstable
Urgency: medium
Maintainer: Javier Fernández-Sanguino Peña <jfs@debian.org>
Changed-By: Christian Kastner <ckk@debian.org>
Closes: 801328 809167 893575 893579
Changes:
 cron (3.0pl1-133) unstable; urgency=medium
 .
   * SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open
     If these files exist, then they must be readable by the user executing
     crontab(1). Users will now be denied by default if they aren't.
     (LP: #1813833)
   * SECURITY: Fix for possible DoS by use-after-free
     A user reported a use-after-free condition in the cron daemon, leading to
     a possible Denial-of-Service scenario by crashing the daemon.
     (Closes: #809167)
   * SECURITY: DoS: Fix unchecked return of calloc()
     Florian Weimer discovered that a missing check for the return value of
     calloc() could crash the daemon, which could be triggered by a very large
     crontab created by a user.
   * Enforce maximum crontab line count of 1000 to prevent a malicious user
     from creating an excessively large crontab. The daemon will log a warning
     for existing files, and crontab(1) will refuse to create new ones.
   * Add d/NEWS alerting to the new 1000 lines limit.
   * Move /var/run/crond.reboot to /run/crond.reboot.
   * crontab.5: Reverse the info on tilde expansion. When setting PATH, most
     shells will not expand a tilde. Thanks, Tim Landscheidt, for the analysis.
     (Closes: #801328)
   * Fixes for numerous man page issues. Remove trailing whitespace, use
     proper escapes, etc. Thanks, Bjarni Ingi Gislason! (Closes: #893575,
     #893579)
   * crontab.1: Drop duplicate DIAGNOSTICS header.
   * daemon: Only support the 'x' debug option in debug builds.
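The first SECURITY entry describes a fail-closed access check: an allow or deny file that exists but cannot be opened must result in denial. The C code below is an added illustration of that behaviour and is not taken from the cron package; the names lookup and crontab_allowed are hypothetical, and it assumes one user name per line, that cron.allow takes precedence over cron.deny, and that a user is allowed when neither file exists.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum list_state { LIST_ABSENT, LIST_UNREADABLE, LIST_MISS, LIST_HIT };

/* Look up `user` in a one-name-per-line file. "File is absent" (ENOENT) is
 * kept distinct from "file exists but could not be opened or read". */
static enum list_state lookup(const char *path, const char *user)
{
    char line[256];
    enum list_state st = LIST_MISS;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return errno == ENOENT ? LIST_ABSENT : LIST_UNREADABLE;
    while (fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';   /* strip the line ending */
        if (strcmp(line, user) == 0) {
            st = LIST_HIT;
            break;
        }
    }
    if (ferror(fp))                           /* a read error is not a miss */
        st = LIST_UNREADABLE;
    fclose(fp);
    return st;
}

/* Returns 1 if `user` may use crontab, 0 otherwise.
 * Assumed policy (not stated in the changelog): the allow list decides when
 * it exists, otherwise the deny list decides, and with neither file present
 * the user is allowed. Any unreadable list denies the user. */
int crontab_allowed(const char *allow_path, const char *deny_path,
                    const char *user)
{
    enum list_state a = lookup(allow_path, user);
    if (a == LIST_UNREADABLE)
        return 0;                 /* fail closed instead of skipping the file */
    if (a != LIST_ABSENT)
        return a == LIST_HIT;     /* allow list exists: must be listed */

    enum list_state d = lookup(deny_path, user);
    if (d == LIST_UNREADABLE)
        return 0;                 /* fail closed */
    return d != LIST_HIT;         /* absent or not listed: allowed */
}
```

The bypass class the changelog describes arises when the LIST_UNREADABLE case is folded into LIST_ABSENT, so that a failed open is treated as if no restriction file existed.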