From $URL :
A security issue has been reported in bcron, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.
The security issue is caused due to the "bcron-exec" utility insecurely handling file descriptors
for temporary files, which can be exploited to overwrite the files with arbitrary content.
The security issue is reported in version 0.09. Prior versions may also be affected.
Update to version 0.10.
Provided and/or discovered by
Anton Khalikov in a Debian bug report.
bcron-exec in bcron before 0.10 does not close file descriptors associated
with temporary files when running a cron job, which allows local users to
modify job files and send spam messages by accessing an open file
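The advisory and CVE text above describe temporary-file descriptors that stay open when the job is started. The following is an added example, not bcron's code and not the change made in 0.10: a pre-exec check a job runner could use to count descriptors a child would inherit and mark them close-on-exec. `scan_inheritable_fds`, `open_job_tempfile`, `SCAN_LIMIT` and the temp path are hypothetical names.

```c
/* Added example, not bcron source: audit and seal descriptor inheritance
 * in a job runner before it exec()s a user's job. Names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define SCAN_LIMIT 4096  /* assumption: descriptors above this are not scanned */

/* Returns how many descriptors >= 3 would survive exec(); if seal is nonzero,
 * also sets FD_CLOEXEC on each one. Returns -1 if sealing fails. */
int scan_inheritable_fds(int seal)
{
    int found = 0;
    for (int fd = 3; fd < SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;               /* closed, or already close-on-exec */
        if (seal && fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        found++;
    }
    return found;
}

/* Constructed stand-in for a runner's temporary job file.
 * mkstemp() does not set FD_CLOEXEC, so the descriptor is inheritable. */
int open_job_tempfile(void)
{
    char path[] = "/tmp/job-example-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp == -1)
        return -1;
    unlink(path);
    int fd = fcntl(tmp, F_DUPFD, 3);  /* keep clear of the stdio slots */
    close(tmp);
    return fd;
}

int main(void)
{
    int fd = open_job_tempfile();
    if (fd == -1) { perror("open_job_tempfile"); return 1; }
    printf("would leak to job: %d\n", scan_inheritable_fds(0));
    printf("sealed:            %d\n", scan_inheritable_fds(1));
    printf("would leak now:    %d\n", scan_inheritable_fds(0));
    close(fd);
    return 0;
}
```

Opening the file with `O_CLOEXEC` (or `mkostemp`) in the first place avoids the window between open and seal.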
Ping for update. 2013 issue, still vulnerable.
Maintainer(s): after the bump please let us know when the ebuild is ready for stabilization.
*** Bug 467922 has been marked as a duplicate of this bug. ***
Author: Sergey Popov <email@example.com>
Date: Sat Oct 24 20:48:36 2015 +0300
sys-process/bcron: version bump
Non-maintainer commit, due to security reasons
Port to EAPI 5, add epatch user
@arches, please stabilize.
@maintainers, after stabilization please remove vulnerable versions.
TARGET KEYWORDS: amd64 and x86.
sys-process/bcron/bcron-0.10.ebuild: DEPEND: amd64(default/linux/amd64/13.0)
Deal with that first
Only issues repoman is reporting here are an upstream workaround and deprecated EAPIs in <sys-process/bcron-0.10. Those will be fixed on cleanup after stabilization.
CC back arches when 569020 is resolved
Maintainer(s), please clean up.
Security, please vote.
GLSA Vote: No.
@maintainer(s), please clean up the vulnerable versions.