[ubuntu/karmic] cron 3.0pl1-106ubuntu1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu May 14 16:40:13 BST 2009


cron (3.0pl1-106ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control: Depend on lsb-base >= 3.2-12ubuntu4
    - debian/control: Drop MTA and lockfile-args to Suggests
    - pathnames.h: use sensible-editor
  * New Debian release fixes LP: #46649

cron (3.0pl1-106) unstable; urgency=high

   * SECURITY UPDATE: cron does not check the return code of setgid() and
   initgroups(), which under certain circumstances could cause
   applications to run with elevated group privileges. Note that the more
   serious issue of not checking the return code of setuid() was fixed already
   in 3.0pl1-64.  (Closes: #528434)
    - do_command.c: check return code of setgid() and initgroups()
    - This fixes (hopefully completely) CVE-2006-2607
   * crontab.c:
      - close the temporary file after it is edited and
        before calling cleanup_tmp_crontab() to behave properly on NFS
        mounted / (Closes: #413962)
      - if crontab is run without argument then it will read stdin to replace
        the user's crontab. This way it is POSIXLY_CORRECT. More information at
        http://www.opengroup.org/onlinepubs/9699919799/utilities/crontab.html
        (Closes: #514062)
   * crontab.5 :
      - Add details about multiple recipients in MAILTO (LP: #235464)
        (Closes: #502650)
      - Indicate that it also reads environment from /etc/environment
      - Substitute ATT for AT&T (Closes: #405474)
   * Proper fix for PAM configuration to make cron read the system
     environment (Closes: #511684)
   * debian/cron.init:
       - Add support for 'status' in the init.d (Closes: #514721)
       - Use 'cron' instead of 'crond' (Closes: #497699)
   * Change lockfile-progs from Suggests: to Recommends: and remove wording
     related to dselect, which is no longer relevant (Closes: #452460, #468262)
   * Change the (outdated) wording of the description based on an example
     provided by Justin B Rye (Closes: 485452)
   * Change the postinst so that update-rc.d is only run if /etc/init.d/cron is
     executable (Closes: #500610)

Date: Thu, 14 May 2009 09:53:08 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/cron/3.0pl1-106ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 14 May 2009 09:53:08 -0500
Source: cron
Binary: cron
Architecture: source
Version: 3.0pl1-106ubuntu1
Distribution: karmic
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 cron       - process scheduling daemon
Closes: 405474 413962 452460 468262 485452 497699 500610 502650 511684 514062 514721 528434
Launchpad-Bugs-Fixed: 46649 235464
Checksums-Sha1: 
 ce4b13d8e10cf845c003c171b4a06675c3808cdf 1177 cron_3.0pl1-106ubuntu1.dsc
 7d7912acfae2d5f40021a3530a805492c8147e98 71271 cron_3.0pl1-106ubuntu1.diff.gz
Checksums-Sha256: 
 bcdca265a7cb699133454683048a5d697d89e824b07ffd8963ac1d4102c397e4 1177 cron_3.0pl1-106ubuntu1.dsc
 27a6cceb16dc1c251b2172e9a6def92c1d32c3bba62af33cf6f136169d118eef 71271 cron_3.0pl1-106ubuntu1.diff.gz
Files: 
 edb76d92815c2872ae256230f0cc6a73 1177 admin important cron_3.0pl1-106ubuntu1.dsc
 de64c08dbfbf128bd4d783a3b8eed210 71271 admin important cron_3.0pl1-106ubuntu1.diff.gz
Original-Maintainer: Javier Fernandez-Sanguino Pen~a <jfs at computer.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoMOhcACgkQW0JvuRdL8BoA7ACfZqCXOBfna20E23NpOiSUP6ys
v3UAn0aKgGEA4/jJDc31gVp8jJkU7eT1
=Eaut
-----END PGP SIGNATURE-----
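
The SECURITY UPDATE entry above concerns unchecked return codes from setgid() and initgroups(). As an added illustration (not cron's do_command.c and not part of the original message), this C sketch contrasts the unchecked pattern with a checked one. The priv_ops indirection, the failing stand-ins, and the user "alice" with uid/gid 1000 are hypothetical, constructed so the failure path can be exercised without root.

```c
#define _DEFAULT_SOURCE              /* exposes initgroups() in <grp.h> on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection (not cron's code) so failures can be simulated. */
struct priv_ops {
    int (*setgid_fn)(gid_t gid);
    int (*initgroups_fn)(const char *user, gid_t gid);
    int (*setuid_fn)(uid_t uid);
};
const struct priv_ops real_ops = { setgid, initgroups, setuid };

/* Constructed stand-ins: both group calls fail, setuid() succeeds. */
static int fail_setgid(gid_t g) { (void)g; return -1; }
static int fail_initgroups(const char *u, gid_t g) { (void)u; (void)g; return -1; }
static int ok_setuid(uid_t u) { (void)u; return 0; }
const struct priv_ops failing_group_ops = { fail_setgid, fail_initgroups, ok_setuid };

static int jobs_run;                 /* counts how often the job body executed */
static void job(void) { jobs_run++; }

/* Unchecked pattern: group-call results are ignored, only setuid() is tested. */
int run_job_unchecked(const struct priv_ops *ops, const char *user, uid_t uid, gid_t gid)
{
    ops->setgid_fn(gid);
    ops->initgroups_fn(user, gid);
    if (ops->setuid_fn(uid) != 0) return -3;
    job();                           /* still holds the caller's groups if the calls failed */
    return 0;
}

/* Checked pattern: every step is tested and any failure aborts before the job. */
int run_job_checked(const struct priv_ops *ops, const char *user, uid_t uid, gid_t gid)
{
    if (ops->setgid_fn(gid) != 0) return -1;
    if (ops->initgroups_fn(user, gid) != 0) return -2;
    if (ops->setuid_fn(uid) != 0) return -3;   /* last: groups cannot be changed afterwards */
    job();
    return 0;
}

int main(void)
{
    int r = run_job_unchecked(&failing_group_ops, "alice", 1000, 1000);
    printf("unchecked: rc=%d jobs_run=%d\n", r, jobs_run);
    r = run_job_checked(&failing_group_ops, "alice", 1000, 1000);
    printf("checked:   rc=%d jobs_run=%d\n", r, jobs_run);
    return 0;
}
```

Passing real_ops instead of failing_group_ops makes the same functions call the real setgid(), initgroups() and setuid(), which requires the privileges to change identity.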

