Package: cron
Version: 3.0pl1-127+deb8u2
Severity: normal

Dear Maintainer,

fix for CVE-2019-9705 is also limiting cron.d files
under /etc/cron.d. I think following patch should be applied.

commit d59d517ea2f42e0798b78d263c259633eeae22e9
Author: Antti Salmela <[email protected]>
Date:   Fri Mar 22 10:28:48 2019 +0200

    Only apply crontab limit to user crontabs

diff --git a/user.c b/user.c
index 94b5914..22a2830 100644
--- a/user.c
+++ b/user.c
@@ -295,7 +295,7 @@ load_user(crontab_fd, pw, uname, fname, tabname)
         */
        } while (status >= OK && LineNumber < MAX_TAB_LINES + NHEADER_LINES + 
2);
 
-       if (LineNumber >= MAX_TAB_LINES + NHEADER_LINES + 2) {
+       if (pw != NULL && LineNumber >= MAX_TAB_LINES + NHEADER_LINES + 2) {
                log_it(fname, getpid(), "ERROR", "crontab must not be longer "
                                "than " Stringify(MAX_TAB_LINES) " lines, "
                                "this crontab file will be ignored");

Reply via email to