Headline
CVE-2019-9706: SECURITY: Fix for possible DoS by use-after-free (40791b93) · Commits · Debian / cron · GitLab
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
Related news
CVE-2019-9704: SECURITY: DoS: Fix unchecked return of calloc() (f2525567) · Commits · Debian / cron · GitLab
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
CVE-2019-9705: Enforce maximum crontab line count of 1000 (26814a26) · Commits · Debian / cron · GitLab
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.