fcrontab in fcron before 3.0.5 allows local users to read arbitrary
files via a symlink attack on an unspecified file.
Security, 3.0.5 is in tree now.
Only bad note on that is that it depends on a newly-added pambase, but since I only changed the system-services stack it should be fine to go stable as it is even right now.
3.0.5-r1 is the stable candidate if security wants a new stable.
Arches, please test and mark stable:
Target keywords : "amd64 hppa ppc sparc x86"
this deps a non-stable version of pambase for most arches. advice?
Stable for HPPA.
ppc done; closing as last arch
Reopening, this is a security bug.
GLSA vote: yes
YES too, request filed.
3.0.5-r2 is the oldest available version in the tree. Is there still a need for a GLSA ?
This issue was resolved and addressed in
GLSA 201311-16 at http://security.gentoo.org/glsa/glsa-201311-16.xml
by GLSA coordinator Sergey Popov (pinkbyte).