[Git][security-tracker-team/security-tracker][master] Track systemd-cron under CVE-2017-9525
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 5 16:49:19 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ceb9009 by Salvatore Bonaccorso at 2021-09-05T17:48:02+02:00
Track systemd-cron under CVE-2017-9525
The same CVE can be used here since the CVE is not referring to the
source code of src:cron but was assigned for the postinst issue allowing
escalation from crontab group to root. The same code was copied into
postinst for src:systemd-cron and so is covered under the same CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -265687,6 +265687,9 @@ CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0
- cron 3.0pl1-129 (bug #864466)
[stretch] - cron <no-dsa> (Minor issue)
[wheezy] - cron <no-dsa> (Minor issue)
+ - systemd-cron <unfixed> (bug #993731)
+ [bullseye] - systemd-cron <no-dsa> (Minor issue)
+ [buster] - systemd-cron <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
NOT-FOR-US: Sophos
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ceb9009cb64a3bcf6837a1fe934bdb55e18feaf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ceb9009cb64a3bcf6837a1fe934bdb55e18feaf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210905/eea0f783/attachment.htm>
More information about the debian-security-tracker-commits
mailing list