Bug#993731: systemd-cron: CVE-2017-9525: group crontab to root escalation via postinst

[Martin-Éric Racine]

Package: systemd-cron
Version: 1.5.17-2
Followup-For: Bug #993731

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Seems that the fix doesn't quite work:

Setting up systemd-cron (1.5.17-2) ...
stat: cannot statx '*': No such file or directory
stat: cannot statx '*': No such file or directory
stat: cannot statx '*': No such file or directory
Warning: * is not a regular file!

- -- Package-specific info:
- -- output of systemd-delta

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages systemd-cron depends on:
ii  libc6         2.32-2
ii  python3       3.9.2-3
ii  systemd-sysv  247.9-1

Versions of packages systemd-cron recommends:
ii  nullmailer [mail-transport-agent]  1:2.2-3

systemd-cron suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmE4/jIACgkQrh+Cd8S0
17ZmKA//cf0cKg84U4C1E5sgBfeZ5aIzDQ9nYsnWHOHtE7S/lI8el/kc94sKgCmc
XIZAp7qwYo/FSsr5MyAGXW2KgO0a8Phvwb/TA3bayuzrC91ArLbFQvnTnjGmbDmF
UIAZ+VpSqHzf1Uk45PMiQkKnN3OhU+cWI4RNFD0ElzkEDQMvCpHDwtaEvaNNfDeX
8QIxIjrxX27CK7Vsh5vmwbBs4Qz6NQ9uF90IQVjX4cRdAzsZ8kgFuVA0rnFUqVW0
P+n7eIC29tkqrMsg424l2JmMXViQFKkWDM7W/JtGZGZQwJ1M39TufQhgUKgQpb9M
ONh7eNJZNHV+CbMM7XGIX5TXCoUdVSRYq9N3PgcFhLjadW7jHvkd2HJFIKCTDnBX
YbvzrbR5EA2m9Ycd+rEinUn/zClY37rUFtXxGd/ScZig7z7MeD5Qb1+iW4HgL14C
kwmTrjFaAfZmSrnkPRPnwpAdd4qSNSHLUPLc5H3EXF8lCBhaM+Zur5Pm7KBZ1pnp
pmg9rtXBNY4LGXqtbx5GW5W4xSE1VQG5XRHvk6yUnePqvsXIkNZ0xPU0/1O1MCLF
HmG5TNsHyJthiWU4R64OINln5zSsUoAxiX3j+2rgwXbsftoPsGg0AEqM7Vtt/yHc
P+gESgI6HM2PLsogmqhrHLrsPdbDO4lurPb2C31fEHW9tRmKWWc=
=Rz4/
-----END PGP SIGNATURE-----