CVS Commit History:
2010-06-05 08:16:43 by S.P.Zeidler | Files touched by this commit (2)
Log message:
Pullup ticket 3137 - requested by kefren
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.121
- pkgsrc/security/sudo/distinfo 1.63
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 3 14:53:14 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log message:
Update security/sudo package to 1.7.2p7.
For more detail: http://www.sudo.ws/sudo/alerts/secure_path.html
Summary:
Sudo "secure path" feature works by replacing the PATH environment
variable with a value specified in the sudoers file, or at
compile time if the --with-secure-path configure option is used.
The flaw is that sudo only replaces the first instance of PATH
in the environment. If the program being run through sudo uses
the last instance of PATH in the environment, an attacker may
be able to avoid the "secure path" restrictions.
Sudo versions affected:
Sudo 1.3.1 through 1.6.9p22 and Sudo 1.7.0 through 1.7.2p6.
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/sudo/distinfo
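The duplicate-PATH case from the summary above, as an added example; it is not code from sudo or from this commit. It puts first-instance-only replacement beside a replacement that also drops later duplicates. All function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers; envp is a NULL-terminated array of "NAME=value". */
static int is_var(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Number of entries that define `name`. More than one is the risky case. */
int count_var(char **envp, const char *name) {
    int c = 0;
    for (; *envp; envp++) c += is_var(*envp, name);
    return c;
}

/* Value a consumer sees if it honours the last instance; NULL if absent. */
const char *last_value(char **envp, const char *name) {
    const char *v = NULL;
    for (; *envp; envp++)
        if (is_var(*envp, name)) v = *envp + strlen(name) + 1;
    return v;
}

/* First-instance-only replacement, the behaviour the summary describes. */
void replace_first(char **envp, const char *name, char *entry) {
    for (; *envp; envp++)
        if (is_var(*envp, name)) { *envp = entry; return; }
}

/* Replace the first instance and drop later ones, compacting in place.
 * Returns how many entries defined `name`; 0 means the caller must append. */
int replace_all(char **envp, const char *name, char *entry) {
    char **out = envp;
    int seen = 0;
    for (; *envp; envp++) {
        if (!is_var(*envp, name)) *out++ = *envp;
        else if (seen++ == 0) *out++ = entry;
    }
    *out = NULL;
    return seen;
}

int main(void) {
    /* Constructed sample environment with PATH defined twice. */
    char *a[] = {"PATH=/tmp/one", "HOME=/root", "PATH=/tmp/two", NULL};
    replace_first(a, "PATH", "PATH=/usr/bin:/bin");
    printf("first-only: %d entries, last=%s\n", count_var(a, "PATH"), last_value(a, "PATH"));
}
```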
2010-04-17 10:34:13 by S.P.Zeidler | Files touched by this commit (3)
Log message:
Pullup ticket 3079 - requested by taca
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.120
- pkgsrc/security/sudo/distinfo 1.62
- pkgsrc/security/sudo/patches/patch-aa 1.23
--------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 16 15:33:52 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-aa
Log message:
Update sudo package from sudo-1.7.2p4 to sudo-1.7.2p6.
Sudo versions 1.7.2p6 and 1.6.9p22 are now available. These releases
fix a privilege escalation bug in the sudoedit functionality.
Summary:
A flaw exists in sudo's -e option (aka sudoedit) in sudo versions
1.6.8 through 1.7.2p5 that may give a user with permission to
run sudoedit the ability to run arbitrary commands. This bug
is related to, but distinct from, CVE 2010-0426.
Sudo versions affected:
1.6.8 through 1.7.2p5 inclusive.
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/sudo/patches/patch-aa