On Sat, Apr 23, 2005 at 11:30:08AM -0500, Steve Greenland wrote: > On 23-Apr-05, 09:20 (CDT), Helge Kreutzmann <[EMAIL PROTECTED]> wrote: > > The report on http://lwn.net/Articles/132380/ (and in the CVE) states, > > that this problem only relates to version 4.1. If this is the case, > > then plase add CAN-2005-1038 to > > > > http://www.debian.org/security/nonvulns-woody > > > > and > > > > http://www.debian.org/security/nonvulns-sarge > > I don't have any control over those pages. I've cc'd > debian-www@lists.debian.org: web folks: we're not vulnerable to this. > > Anyway, this was fixed long ago, as a perusal of the changelog will > show: > > cron (3.0pl1-62) unstable; urgency=medium > > [*snip*] > * Protect against reading other people's crontabs via temp file symlink > in crontab -e. > > -- Steve Greenland <[EMAIL PROTECTED]> Sat, 27 Jan 2001 17:01:43 -0600 > > As for the older CVE, a few minutes investigation shows that this was > fixed in -57.2, as per Debian DSA-024, back in potato days, thus it > doesn't belong on the woody or sarge nonvulns page. > > Oh, and thanks to Mr. Gran for checking sarge and sid.
I'm not sure how to update these files. Joey, you seem to be the one maintaining them. Would you please update them? -- Matt
signature.asc
Description: Digital signature
