fcron (2.9.5.1-1) unstable; urgency=high
* New upstream source:
* SECURITY FIX: Due to design errors in the fcronsighup program, Fcron
may allow a local user to bypass access restrictions (CAN-2004-1031),
view the contents of root owned files (CAN-2004-1030), remove
arbitrary files or create empty files (CAN-2004-1032), and send a
SIGHUP to any process. A vulnerability also exists in fcrontab which
may allow local users to view the contents of fcron.allow and
fcron.deny (CAN-2004-1033).
Ref: iDEFENSE Security Advisory 11.15.04.
(closes: #281436)
* Thanks to Gentoo's GLSA 200411-27 for providing the above text ;-)
* Add myself to uploaders
* Use $(MAKE) distclean on clean: target
* Clean up autom4te.cache directory on clean: target
* Rename fcron-update-crontabs.1 to fcron-update-crontabs.8, since it
is in section 8 anyway
* Add non-virtual-package packages to dependencies on virtual packages
(syslog-daemon and mail-transport-agent). Use packages that are
priority standard or higher for that
* Fix initscript so that it will start a stopped daemon on "restart"
* Now compliant to standards-version 3.6.1, bump control file entry
accordingly
-- Henrique de Moraes Holschuh <email address hidden> Fri, 19 Nov 2004 10:20:44 -0200
