CVE-2010-0792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0792): fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.
Security, 3.0.5 is in tree now. Only bad note on that is that it depends on a newly-added pambase, but since I only changed the system-services stack it should be fine to go stable as it is even right now. Thanks!
3.0.5-r1 is the stable candidate if security wants a new stable.
Arches, please test and mark stable: =sys-process/fcron-3.0.5-r2 Target keywords : "amd64 hppa ppc sparc x86"
x86 stable
This deps a non-stable version of pambase for most arches. Advice?
Stable for HPPA.
amd64 stable
sparc stable
ppc done; closing as last arch
Reopening, this is a security bug.
GLSA vote: yes
YES too, request filed.
3.0.5-r2 is the oldest available version in the tree. Is there still a need for a GLSA?
Yes.
This issue was resolved and addressed in GLSA 201311-16 at http://security.gentoo.org/glsa/glsa-201311-16.xml by GLSA coordinator Sergey Popov (pinkbyte).