author | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-05 17:48:02 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-05 17:48:02 +0200 |
commit | aafb647776fb1a18e7a9bd1ccca78be24de31e56 (patch) | |
tree | 7635f75d38db98e1394fab4c4d9297712299ecaf /data/CVE/list.2017 | |
parent | a9a7d6aa9e3670bd38d1ed93e89c94da2aea73c2 (diff) |
Track systemd-cron under CVE-2017-9525

The same CVE can be used here since the CVE is not referring to the
source code of src:cron but was assigned for the postinst issue allowing
escalation from crontab group to root. The same code was copied into
postinst for src:systemd-cron and so is covered under the same CVE.

Diffstat (limited to 'data/CVE/list.2017')
-rw-r--r-- | data/CVE/list.2017 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 53d513455b..82543ce890 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -26960,6 +26960,9 @@ CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0 - cron 3.0pl1-129 (bug #864466) [stretch] - cron <no-dsa> (Minor issue) [wheezy] - cron <no-dsa> (Minor issue) + - systemd-cron <unfixed> (bug #993731) + [bullseye] - systemd-cron <no-dsa> (Minor issue) + [buster] - systemd-cron <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...) NOT-FOR-US: Sophos |
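Review bot: the three added systemd-cron lines have no accompanying NOTE, so the reason a second source package is tracked here is recorded only in the commit message. The CVE description shown in the hunk header names only "the cron package", and the one existing NOTE points at the oss-security thread from 2017/06/08. A reader of list.2017 who sees "- systemd-cron <unfixed> (bug #993731)" therefore cannot tell from the file that the entry is about the postinst code copied from src:cron. Consider adding a NOTE line after the new entries saying that systemd-cron carries a copy of the affected postinst code, so the rationale travels with the data.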