Format: 1.8
Date: Wed, 13 May 2009 01:05:41 +0200
Source: cron
Binary: cron
Architecture: source i386
Version: 3.0pl1-106
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Description:
 cron - process scheduling daemon
Closes: 405474 413962 452460 468262 485452 497699 500610 502650 511684 514062 514721 528434
Changes:
 cron (3.0pl1-106) unstable; urgency=high
 .
   * SECURITY UPDATE: cron does not check the return code of setgid() and
     initgroups(), which under certain circumstances could cause
     applications to run with elevated group privileges. Note that the
     more serious issue of not checking the return code of setuid() was
     fixed already in 3.0pl1-64. (Closes: #528434)
     - do_command.c: check return code of setgid() and initgroups()
     - This fixes (hopefully completely) CVE-2006-2607
   * crontab.c:
     - close the temporary file after it is edited and before calling
       cleanup_tmp_crontab() to behave properly on NFS mounted /
       (Closes: #413962)
     - if crontab is run without argument then it will read stdin to
       replace the user's crontab. This way it is POSIXLY_CORRECT.
       More information at
       http://www.opengroup.org/onlinepubs/9699919799/utilities/crontab.html
       (Closes: #514062)
   * crontab.5 :
     - Add details about multiple recipients in MAILTO (LP: #235464)
       (Closes: #502650)
     - Indicate that it also reads environment from /etc/environment
     - Substitute ATT for AT&T (Closes: #405474)
   * Proper fix for PAM configuration to make cron read the system
     environment (Closes: #511684)
   * debian/cron.init:
     - Add support for 'status' in the init.d (Closes: #514721)
     - Use 'cron' instead of 'crond' (Closes: #497699)
   * Change lockfile-progs from Suggests: to Recommends: and remove wording
     related to dselect, which is no longer relevant
     (Closes: #452460, #468262)
   * Change the (outdated) wording of the description based on an example
     provided by Justin B Rye (Closes: 485452)
   * Change the postinst so that update-rc.d is only run if
     /etc/init.d/cron is executable (Closes: #500610)

Accepted:
cron_3.0pl1-106.diff.gz
  to pool/main/c/cron/cron_3.0pl1-106.diff.gz
cron_3.0pl1-106.dsc
  to pool/main/c/cron/cron_3.0pl1-106.dsc
cron_3.0pl1-106_i386.deb
  to pool/main/c/cron/cron_3.0pl1-106_i386.deb
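
The unchecked setgid()/initgroups() pattern named in the SECURITY UPDATE entry, next to a checked drop sequence, as an added C example (not cron's do_command.c and not part of the upload notice). The priv_ops table, the sim_* stubs and the user "alice" with uid/gid 1000 are constructed so the sequence runs without root.

```c
#include <stdio.h>
#include <sys/types.h>
/* Hypothetical seam: a daemon would fill this with initgroups(3), setgid(2), setuid(2). */
struct priv_ops {
    int (*initgroups)(const char *user, gid_t gid);
    int (*setgid)(gid_t gid);
    int (*setuid)(uid_t uid);
};
enum { DROP_OK, DROP_INITGROUPS, DROP_SETGID, DROP_SETUID };

/* Pattern the changelog entry describes: only setuid() is checked. */
int drop_unchecked(const struct priv_ops *o, const char *user, uid_t uid, gid_t gid)
{
    (void)o->initgroups(user, gid);   /* failure ignored */
    (void)o->setgid(gid);             /* failure ignored */
    return o->setuid(uid) != 0 ? DROP_SETUID : DROP_OK;
}

/* Checked form: supplementary groups, then gid, then uid; stop at the first failure. */
int drop_checked(const struct priv_ops *o, const char *user, uid_t uid, gid_t gid)
{
    if (o->initgroups(user, gid) != 0) return DROP_INITGROUPS;
    if (o->setgid(gid) != 0)           return DROP_SETGID;
    if (o->setuid(uid) != 0)           return DROP_SETUID;
    return DROP_OK;
}

/* Constructed simulation of a daemon whose group id starts at 0. */
static gid_t sim_gid;
static int sim_initgroups(const char *u, gid_t g) { (void)u; (void)g; return 0; }
static int sim_setgid_ok(gid_t g)   { sim_gid = g; return 0; }
static int sim_setgid_fail(gid_t g) { (void)g; return -1; }  /* simulated failure */
static int sim_setuid(uid_t u)      { (void)u; return 0; }
const struct priv_ops sim_ok      = { sim_initgroups, sim_setgid_ok,   sim_setuid };
const struct priv_ops sim_gidfail = { sim_initgroups, sim_setgid_fail, sim_setuid };

/* Returns the gid the job would run with, or -1 if the drop was refused. */
long job_gid(int (*drop)(const struct priv_ops *, const char *, uid_t, gid_t),
             const struct priv_ops *o)
{
    sim_gid = 0;
    return drop(o, "alice", 1000, 1000) == DROP_OK ? (long)sim_gid : -1L;
}

int main(void)
{
    printf("unchecked, setgid fails: job gid %ld\n", job_gid(drop_unchecked, &sim_gidfail));
    printf("checked,   setgid fails: job gid %ld\n", job_gid(drop_checked, &sim_gidfail));
    printf("checked,   all succeed:  job gid %ld\n", job_gid(drop_checked, &sim_ok));
}
```

With the failing stub, the unchecked variant reports success while the simulated group id is still 0; the checked variant returns DROP_SETGID and the caller never starts the job.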