Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Pullup ticket 3137 - requested by kefren
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.121
- pkgsrc/security/sudo/distinfo 1.63
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 3 14:53:14 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
Update security/sudo package to 1.7.2p7.
For more detail: http://www.sudo.ws/sudo/alerts/secure_path.html
Summary:
Sudo "secure path" feature works by replacing the PATH environment
variable with a value specified in the sudoers file, or at
compile time if the --with-secure-path configure option is used.
The flaw is that sudo only replaces the first instance of PATH
in the environment. If the program being run through sudo uses
the last instance of PATH in the environment, an attacker may
be able to avoid the "secure path" restrictions.
Sudo versions affected:
Sudo 1.3.1 through 1.6.9p22 and Sudo 1.7.0 through 1.7.2p6.
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/sudo/distinfo
| Revision | Action | file |
| 1.119.2.2 | modify | pkgsrc/security/sudo/Makefile |
| 1.61.2.2 | modify | pkgsrc/security/sudo/distinfo |