Hi, For those reviewing/thinking on helping with this RFH bug it is worth noting that Vixie's cron is rather dead upstream, there have been no changes post the 4.1 release available at http://ftp.isc.org/isc/cron/ (dated january 2004)
In the meantime, the Red Hat / Fedora folks have forked off vixie-cron into cronie "recently" (2008, IIRC) and this project [1] has since been adopted by Mandriva and Gentoo folks too. Maybe cron should be updated to this fork instead. This fork probably fixes many of the open bugs in Debian but could also introduce some new (like CVE-2010-0424 which looks seems to be specific to 4.1 and thus to cronie [2]) Forward porting the Debian patches to this fork is still a large amount of work, however, more so since the fork has already diverted a lot from the original codebase (4.1) Regards Javier [1] https://fedorahosted.org/cronie/ [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0424 and http://security-tracker.debian.org/tracker/CVE-2010-0424 -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/f3c99a81003170446l1159ab1doe96590a3fdab3...@mail.gmail.com