lp://staging/ubuntu/lucid-updates/sudo
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-updates/sudo
Recent revisions
- 43. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary file access via TZ
- configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
- http://www.sudo.ws/repos/sudo/rev/650ac6938b59
- http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
- http://www.sudo.ws/repos/sudo/rev/91859f613b88
- http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
- CVE-2014-9680
- 42. By Marc Deslauriers
-
* SECURITY UPDATE: security policy bypass when env_reset is disabled
- env.c: fix logic inversion
- http://www.sudo.ws/repos/sudo/rev/748cefb49422
- CVE-2014-0106
- 41. By Marc Deslauriers
-
* SECURITY UPDATE: authentication bypass via clock set to epoch
- debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
set to epoch in check.c.
- backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
- CVE-2013-1775
- 40. By Tyler Hicks
-
* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
Host_List values
- match.c: Prevent IPv6 netmask-based address matching logic from
incorrectly being applied to IPv4 addresses. Based on upstream patch
written by Todd C. Miller.
- CVE-2012-2337
- 39. By Jamie Strandboge
-
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Backported from fe8a94f96542.
- CVE-2011-0010
- 38. By Jamie Strandboge
-
* SECURITY UPDATE: privilege escalation via '-g' option when using
'user:group' in Runas_Spec
- update match.c to verify both user and group match sudoers when using
'-g'. Patch thanks to upstream.
- CVE-2010-2956
- 37. By Jamie Strandboge
-
* SECURITY UPDATE: properly handle multiple PATH variables when using
secure_path in env.c
- http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
- CVE-2010-1646
- 36. By Jamie Strandboge
-
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
pseudo-command when running from the current working directory and
secure_path is disabled
- CVE-2010-XXXX
- 35. By Martin Pitt
-
env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631)
- 34. By Marc Deslauriers
-
debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behaviour in sudoers file. (LP: #534090)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/sudo