Hi Christian,

Indeed I was looking at the unpatched version. Sorry for the inconvenience.

Best regards,

-- 
Jeffrey BENCTEUX


On Sat, 2 Dec 2023 at 20:05, Christian Kastner <[email protected]> wrote:

> Hi Jeffrey,
>
> On 2023-12-02 11:39, Jeffrey Bencteux wrote:
> > Hi,
> >
> > Both setuid() and setgid() return values are not checked in cron's code
> > used to execute user-provided commands:
>
> This issue was reported as CVE-2006-2607 and fixed a long time ago.
>
> Here's the relevant patch:
>
>
> https://sources.debian.org/src/cron/3.0pl1-162/debian/patches/fixes/Check-privilege-drop-results-CVE-2006-2607.patch/
>
> Are you perhaps looking at the unpatched source?
>
> Best,
> Christian
>
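
An added example, not part of the thread and not cron's code or the Debian patch: a privilege drop that checks both return values and never reaches the user's command when either call fails. `priv_ops`, `run_as_user`, the stubs and the uid/gid 1000 are hypothetical names and constructed values, introduced so the failure path can run without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection so the failure path can be exercised without root. */
struct priv_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};
const struct priv_ops real_ops = { setgid, setuid };   /* production wiring */

/* Constructed stubs: a drop that succeeds, and a setuid that reports failure. */
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { (void)u; return 0; }
static int failing_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }

static int commands_run;                 /* how many times the job executed */
static int job(void) { return ++commands_run; }

/* Drop the group first (while still privileged), then the user; check both. */
int drop_privileges(const struct priv_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0) { perror("setgid"); return -1; }
    if (ops->set_uid(uid) != 0) { perror("setuid"); return -1; }
    return 0;
}

/* The user's command is reached only after both calls reported success. */
int run_as_user(const struct priv_ops *ops, uid_t uid, gid_t gid, int (*cmd)(void))
{
    if (drop_privileges(ops, uid, gid) != 0)
        return -1;            /* a cron child would _exit() here, not exec */
    return cmd();
}

int main(void)
{
    const struct priv_ops good = { ok_gid, ok_uid };
    const struct priv_ops broken = { ok_gid, failing_uid };
    int failed = run_as_user(&broken, 1000, 1000, job);  /* constructed ids */
    int ran_after_fail = commands_run;
    int ok = run_as_user(&good, 1000, 1000, job);
    printf("failed drop rc=%d ran=%d; good drop rc=%d\n", failed, ran_after_fail, ok);
    return (failed == -1 && ran_after_fail == 0 && ok == 1) ? 0 : 1;
}
```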
