Dear Debian Security Team, I noticed that the latest available cron package in the stable distribution of Debian Stretch is vulnerable to CVE-2017-9525: https://security-tracker.debian.org/tracker/CVE-2017-9525 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864466
It seems like this issue has been known for a while now and fixed. Are there plans to include cron version 3.0pl1-129 to the stable release of Debian Stretch? Regards, Vladyslav Cherednychenko Information Security Engineer ABOUT YOU° GmbH Domstraße 10 20095 Hamburg Email: vladyslav.cherednyche...@aboutyou.de Phone: +49 40 638 569 313 www.aboutyou.de
