Package: cron Version: 3.0pl1-127+deb8u2 Severity: normal Dear Maintainer,
fix for CVE-2019-9705 is also limiting cron.d files under /etc/cron.d. I think following patch should be applied. commit d59d517ea2f42e0798b78d263c259633eeae22e9 Author: Antti Salmela <[email protected]> Date: Fri Mar 22 10:28:48 2019 +0200 Only apply crontab limit to user crontabs diff --git a/user.c b/user.c index 94b5914..22a2830 100644 --- a/user.c +++ b/user.c @@ -295,7 +295,7 @@ load_user(crontab_fd, pw, uname, fname, tabname) */ } while (status >= OK && LineNumber < MAX_TAB_LINES + NHEADER_LINES + 2); - if (LineNumber >= MAX_TAB_LINES + NHEADER_LINES + 2) { + if (pw != NULL && LineNumber >= MAX_TAB_LINES + NHEADER_LINES + 2) { log_it(fname, getpid(), "ERROR", "crontab must not be longer " "than " Stringify(MAX_TAB_LINES) " lines, " "this crontab file will be ignored");

