[Bug 1972830] [NEW] CVE-2019-9705 fix limits to 1000 not 10000
Andy Townsend
1972830 at bugs.launchpad.net
Tue May 10 12:28:41 UTC 2022
Public bug reported:
According to
https://changelogs.ubuntu.com/changelogs/pool/main/c/cron/cron_3.0pl1-128.1ubuntu1.1/changelog
"ensure that no more than 1000 lines of
length are allowed in crontabs"
However that change at Debian
https://salsa.debian.org/debian/cron/-/commit/26814a26
was very quickly superceded by
https://salsa.debian.org/debian/cron/-/commit/eba012444b2dcfaaeebc101848bcf42692f23499
("Increase maximum crontab length to 10,000 lines")
due to problems noted at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925276
** Affects: cron (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- CVE-2019-9705 limits to 1000 not 10000
+ CVE-2019-9705 fix limits to 1000 not 10000
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cron in Ubuntu.
https://bugs.launchpad.net/bugs/1972830
Title:
CVE-2019-9705 fix limits to 1000 not 10000
Status in cron package in Ubuntu:
New
Bug description:
According to
https://changelogs.ubuntu.com/changelogs/pool/main/c/cron/cron_3.0pl1-128.1ubuntu1.1/changelog
"ensure that no more than 1000 lines of
length are allowed in crontabs"
However that change at Debian
https://salsa.debian.org/debian/cron/-/commit/26814a26
was very quickly superceded by
https://salsa.debian.org/debian/cron/-/commit/eba012444b2dcfaaeebc101848bcf42692f23499
("Increase maximum crontab length to 10,000 lines")
due to problems noted at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925276
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1972830/+subscriptions
More information about the foundations-bugs
mailing list