Package: cron Version: 3.0pl1-72 Severity: grave Tags: security, woody, sarge Justification: user security hole
The report on http://lwn.net/Articles/132380/ (and in the CVE) states, that this problem only relates to version 4.1. If this is the case, then plase add CAN-2005-1038 to http://www.debian.org/security/nonvulns-woody and http://www.debian.org/security/nonvulns-sarge On the other hand, the reporter (as cited in the CVE report) states in http://www.securityfocus.com/archive/1/395093 that he *used* this version for the exploit, not that it is possible only there. As the CVE-report also states, this might be a duplicate CVE-2001-0235. If this is indeed the case, please update the above nonvulns pages as well to avoid future confusion. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686 Locale: LANG=en_US, LC_CTYPE=en_US Versions of packages cron depends on: ii debianutils 1.16.2woody1 Miscellaneous utilities specific t ii libc6 2.2.5-11.8 GNU C Library: Shared libraries an ii libpam0g 0.72-35 Pluggable Authentication Modules l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
