Date: Sat, 27 Jan 2001 23:49:54 +0100
From: Martin Schulze email@example.com
To: Debian Security Announcements
Subject: [SECURITY] [DSA 024-1] New version of cron released
Package : cron
Vulnerability : local insecure crontab handling
The FreeBSD team has found a bug in the way new crontabs were
handled which allowed malicious users to display arbitrary crontab
files on the local system. This only affects valid crontab files so
can't be used to get access to /etc/shadow or something. crontab
files are not especially secure anyway, as there are other ways
they can leak. No passwords or similar sensitive data should be in
We recommend you upgrade your cron packages.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
Potato was released for the alpha, arm, i386, m68k, powerpc and