[Secure-testing-team] Bug#697811: cronie: CVE-2012-6097: fd leak in 1.4.8

[Salvatore Bonaccorso]

Package: cronie
Version: 1.4.8-1~exp1
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

the following vulnerability was published for cronie.

CVE-2012-6097[0]:
cronie fd leak

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-6097

This is also found on RedHat Bugtracker in [1] and Suse's[2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097
[2] https://bugzilla.novell.com/show_bug.cgi?id=786096

The reverting patch for 1.8.4 is [3].

[3] http://git.fedorahosted.org/cgit/cronie.git/commit/src/cron.c?id=b19007ca9fddd62ecef3af4a7d2d252f1d5e0419

Regards,
Salvatore

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ7eOrAAoJEHidbwV/2GP+At0P/jX7uXHtaNJkVMS47IJ3jVIj
Ftmywp82cTsVrilpYZ+0ryjjrEm3q/m81RlmJJ+0AvAlP1UawDi2vK3gRAxAi1Xe
Rqb7aaKtPBVTraMWvr11HIYSg4F99X/2OVn3sEAiGATyvMuqPv3hpdMCWAog+pVD
Y5p26l3LN+pJmJILX9DY22J1x+th//6rcWKMmjbJ5As8ZfvkM7QIiPnzZoTw+vjd
ofDT+TSb/V/nW/mMOppsyTLfOJdQojtJ/u7n0a+IHOgpcqZ4+Nvxb9PAsV3+TV+p
5Wocu6OyY0CSYsjtFS/h6lS78Yx3davlkqVmgr5lejO+SJEhHesTnvYGD6PwmF6e
1j65ed7P5IZT7mazfeYEY3P0ynE8WjU65vZjqENtqDY8k9kGVyjAyH53ldnn5SEA
tfJfJbQ9nJ1dm8uWJD27Jao8+OCVzJ5oJwh6o7LOHKcn4RGGfFAhRi0hlW8K2p+G
Ygrpalwasm7RalZ4xqIt/5GF4KCfam1SC+PVDKoYZt7sznRwtdUaGqHP5BMlalU1
lGC4OgQlyzBzyrqH49iSu8SgMYNjzJc4Ri2QbPNojKojBALwWkw7s/kx2jYjNUoC
4r+CEn39pZJe3RMiNoD075XPtUsSiZrqdXyNQyPi9rKnn/CFg80ZOUBOy393gm4q
YDM0cCb/yZQiYjzfhMXF
=wmWJ
-----END PGP SIGNATURE-----