CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2024/08/19 09:13:45
Modified files:
usr.sbin/cron : Tag: OPENBSD_7_5 entry.c
Log message:
Fix CVE-2024-43688, buffer underflow for very large step values
In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are ignored. This prevents
bit_nset() from being called with out-of-range values.
from millert@; Bug found by Dave G. of Supernetworks.
this is errata/7.5/006_cron.patch.sig
