group.of.nepali.translators team mailing list archive

[Rodrigo Figueiredo Zaiden <1971895@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package cron - 3.0pl1-128ubuntu2+esm2

---------------
cron (3.0pl1-128ubuntu2+esm2) xenial-security; urgency=medium

  * SECURITY REGRESSION: CVE-2017-9525 regression (LP: #1971895)
    - debian/postinst: add tab_name emptiness check
    - https://salsa.debian.org/debian/cron/-/commit/23047851

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@xxxxxxxxxxxxx>  Tue, 10
May 2022 18:07:46 -0300

** Changed in: cron (Ubuntu Xenial)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1971895

Title:
  Warning messages from stat printed on installation with no user
  crontabs

Status in cron package in Ubuntu:
  Confirmed
Status in cron source package in Xenial:
  Fix Released
Status in cron source package in Bionic:
  Fix Released

Bug description:
  On installation of cron on a new system, or (I expect) an upgrade with
  no user crontab files the following is printed:

  Setting up cron (3.0pl1-128.1ubuntu1.1) ...
  stat: cannot stat '*': No such file or directory
  stat: cannot stat '*': No such file or directory
  stat: cannot stat '*': No such file or directory
  Warning: * is not a regular file!

  This is related to the fix for CVE-2017-9525 introduced in
  3.0pl1-128.1ubuntu1.1. The for loop at line 66 of cron.postinst needs
  to have a guard like the following added to it:

  [ "$tab_name" = "*" ] && continue

  We have observed this with Bionic, I haven't checked any other Ubuntu
  releases.

  Cheers,
  Andrew

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1971895/+subscriptions