1
Candidate: CVE-2006-NNN0
7
jdstrand> placeholder for one more fix for CVE-2006-2607. Marked as negligible
8
since security impact is very low-- if initgroups() fails in cron_popen()
9
then group privs are not dropped, and the MAILCMD is able to run with
10
elevated group privileges. Can add this in on the next cron update.
13
Discovered-by: Christian Kastner
17
upstream: http://svn.debian.org/wsvn/pkg-cron/trunk/popen.c?op=diff&rev=0&sc=0
18
upstream_cron: released (3.0pl1-109)
19
dapper_cron: ignored (reached end-of-life)
20
hardy_cron: ignored (reached end-of-life)
21
intrepid_cron: needed (reached end-of-life)
22
jaunty_cron: ignored (reached end-of-life)
23
karmic_cron: ignored (reached end-of-life)
24
lucid_cron: released (3.0pl1-106ubuntu5)
25
maverick_cron: released (3.0pl1-106ubuntu5)
26
natty_cron: released (3.0pl1-106ubuntu5)
27
oneiric_cron: released (3.0pl1-106ubuntu5)
28
precise_cron: released (3.0pl1-106ubuntu5)
29
quantal_cron: released (3.0pl1-106ubuntu5)
30
raring_cron: released (3.0pl1-106ubuntu5)
31
devel_cron: released (3.0pl1-106ubuntu5)