CVE-2019-9704 (https://nvd.nist.gov/vuln/detail/CVE-2019-9704): Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
CVE-2019-9705 (https://nvd.nist.gov/vuln/detail/CVE-2019-9705): Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
arm64 stable
sparc stable
amd64 stable
x86 stable
Looking good on ppc64.

# cat cronie-685848.report
USE tests started on Mi 22. Mai 01:52:49 CEST 2019

FEATURES=' test' USE='' succeeded for =sys-process/cronie-1.5.4
USE='-anacron -inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron -inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron -inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron -inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron inotify pam' succeeded for =sys-process/cronie-1.5.4

revdep tests started on Mi 22. Mai 02:02:07 CEST 2019

FEATURES=' test' USE='' succeeded for virtual/cron
ia64 stable
Looking good on ppc.

# cat cronie-685848.report
USE tests started on Mi 22. Mai 12:21:32 CEST 2019

FEATURES=' test' USE='' succeeded for =sys-process/cronie-1.5.4
USE='-anacron -inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron -inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron inotify -pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron -inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron -inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='-anacron inotify pam' succeeded for =sys-process/cronie-1.5.4
USE='anacron inotify pam' succeeded for =sys-process/cronie-1.5.4

revdep tests started on Mi 22. Mai 12:27:48 CEST 2019

FEATURES=' test' USE='' succeeded for virtual/cron
arm stable
ppc stable
ppc64 stable
alpha stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d6c8257d37ccf5d32d3b061dfd33bcb7b1f74c1

commit 1d6c8257d37ccf5d32d3b061dfd33bcb7b1f74c1
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-06-06 10:06:55 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-06-06 10:07:22 +0000

    sys-process/cronie: Security cleanup

    Bug: https://bugs.gentoo.org/685848
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 sys-process/cronie/Manifest | 1 -
 sys-process/cronie/cronie-1.5.2.ebuild | 109 ---------------------
 .../cronie/files/cronie-1.5.2-systemd.patch | 30 ------
 3 files changed, 140 deletions(-)