Track systemd-cron under CVE-2017-9525

The same CVE can be used here since the CVE is not referring to the source code of src:cron but was assigned for the postinst issue allowing escalation from crontab group to root. The same code was copied into postinst for src:systemd-cron and so is covered under the same CVE.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-05 17:48:02 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-05 17:48:02 +0200
commit: aafb647776fb1a18e7a9bd1ccca78be24de31e56 (patch)
tree: 7635f75d38db98e1394fab4c4d9297712299ecaf /data/CVE/list.2017
parent: a9a7d6aa9e3670bd38d1ed93e89c94da2aea73c2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 53d513455b..82543ce890 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -26960,6 +26960,9 @@ CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0
 	- cron 3.0pl1-129 (bug #864466)
 	[stretch] - cron <no-dsa> (Minor issue)
 	[wheezy] - cron <no-dsa> (Minor issue)
+	- systemd-cron <unfixed> (bug #993731)
+	[bullseye] - systemd-cron <no-dsa> (Minor issue)
+	[buster] - systemd-cron <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
 	NOT-FOR-US: Sophos
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-05 17:48:02 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-05 17:48:02 +0200
commit	aafb647776fb1a18e7a9bd1ccca78be24de31e56 (patch)
tree	7635f75d38db98e1394fab4c4d9297712299ecaf /data/CVE/list.2017
parent	a9a7d6aa9e3670bd38d1ed93e89c94da2aea73c2 (diff)