Bug#992748: systemd-cron: postinst error - CVE-2017-9525?
Chris Hofstaedtler
zeha at debian.org
Sun Sep 5 13:49:40 BST 2021
Control: tags -1 + security
* Alexandre Detiste <alexandre.detiste at gmail.com> [210905 12:47]:
> Le lun. 23 août 2021 à 04:57, Martin-Éric Racine
> <martin-eric.racine at iki.fi> a écrit :
> > Setting up systemd-cron (1.5.17-1) ...
> > xargs: warning: options --max-args and --replace/-I/-i are mutually exclusive, ignoring previous --max-args value
> > Thanks.
>
> This was copy-pasted from src:cron, which must have the same bug now.
src:cron removed the offending code as part of a security fix in
2018:
https://salsa.debian.org/debian/cron/-/commit/a10ab4e346e941aaa92f4b671a96895392b917af
This would suggest CVE-2017-9525 also affects src:systemd-cron.
Chris
More information about the Pkg-systemd-maintainers
mailing list