About CVE-2017-9525
佐々木将信
masanobu.sasaki at bizreach.co.jp
Mon Mar 22 12:57:12 UTC 2021
Hi team ,
I may have found a miss leading advisory about CVE-2017-9525 on your web site*1.
The status of the vulnerability is still “needed” on Ubuntu 18.04 LTS (Bionic Beaver) .
However, this is already fixed in version “3.0pl1-128.1ubuntu1” .
This vulnerability might be regarding maintenance script(such as posttest ) when I see Debian’s fixing *2.
If it is, Ubuntu cron seems to be fixed at above version considering diffs on the version .*3
I apologize if I don’t follow reporting rules and if I mistake.
*1
https://ubuntu.com/security/CVE-2017-9525
*2
https://salsa.debian.org/debian/cron/-/commit/a10ab4e346e941aaa92f4b671a96895392b917af <https://salsa.debian.org/debian/cron/-/commit/a10ab4e346e941aaa92f4b671a96895392b917af>
*3 (around line 2992)
https://launchpadlibrarian.net/345982798/cron_3.0pl1-128.1ubuntu1.diff.gz <https://launchpadlibrarian.net/345982798/cron_3.0pl1-128.1ubuntu1.diff.gz>
Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20210322/501ebe69/attachment.html>
More information about the Ubuntu-motu
mailing list