Change log for sudo package in Ubuntu

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
sudo (1.8.16-0ubuntu1.2) xenial; urgency=medium

  * debian/sudoers:
    - include /snap/bin in the secure_path (LP: #1595558)

 -- Michael Vogt <email address hidden>  Mon, 15 Aug 2016 18:10:18 +0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
sudo (1.8.16-0ubuntu3) yakkety; urgency=medium

  * debian/sudoers:
    - include /snap/bin in the secure_path (LP: #1595558)

 -- Michael Vogt <email address hidden>  Mon, 15 Aug 2016 18:08:34 +0200

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
sudo (1.8.16-0ubuntu1.1) xenial; urgency=medium

  * debian/patches/lp1565567.patch: fix crash when looking up a negative
    cached entry which is stored as a NULL passwd or group struct pointer
    in plugins/sudoers/pwutil.c. (LP: #1565567)

 -- Marc Deslauriers <email address hidden>  Wed, 04 May 2016 11:36:54 -0400
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
sudo (1.8.16-0ubuntu2) yakkety; urgency=medium

  * debian/patches/lp1565567.patch: fix crash when looking up a negative
    cached entry which is stored as a NULL passwd or group struct pointer
    in plugins/sudoers/pwutil.c. (LP: #1565567)

 -- Marc Deslauriers <email address hidden>  Wed, 04 May 2016 11:31:55 -0400
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
sudo (1.8.16-0ubuntu1) xenial; urgency=medium

  * Update to new upstream version 1.8.16. (LP: #1563825)
    - Dropped patches no longer needed:
      + CVE-2015-5602-6.patch
      + CVE-2015-5602-7.patch
  * Merge from Debian unstable. Remaining changes:
    - Use tmpfs location to store timestamp files
      + debian/rules: change --with-rundir to /var/run/sudo
      + debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
        shipping init script and service file, as they are no longer
        necessary.
      + debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old
        init script with dpkg-maintscript-helper.
      + debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
        transition code, remove old /var/lib/sudo/ts timestamp directory.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
    - Dropped patches no longer needed:
      + debian/patches/pam_check_untranslated_prompt.patch: upstream.

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
sudo (1.8.12-1ubuntu3) wily; urgency=medium

  * debian/patches/pam_check_untranslated_prompt.patch: also check the
    untranslated version of the prompt when checking if the PAM prompt matches
    "Password:". Patch from Joel Pelaez Jorge. (LP: #1414303)

 -- Mathieu Trudel-Lapierre <email address hidden>  Tue, 22 Sep 2015 11:57:43 -0400
Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
sudo (1.8.9p5-1ubuntu1.2) trusty-proposed; urgency=medium

  * Ensure uid matching works in the sudoers file. (LP: #1319403)

 -- Brian Murray <email address hidden>  Wed, 26 Aug 2015 16:59:47 -0700
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
sudo (1.8.12-1ubuntu2) wily; urgency=medium

  * Use tmpfs location to store timestamp files (LP: #1458031)
    - debian/rules: change --with-rundir to /var/run/sudo
    - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop
      shipping init script and service file, as they are no longer
      necessary.
    - debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init
      script with dpkg-maintscript-helper.
    - debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo
      transition code, remove old /var/lib/sudo/ts timestamp directory.

 -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2015 09:31:38 -0400
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
sudo (1.8.12-1ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. (LP: #1451274, LP: #1219337)
    Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
  * Dropped patches no longer needed:
      + add_probe_interfaces_setting.diff
      + actually-use-buildflags.diff
      + CVE-2014-9680.patch

Obsolete in lucid-updates
Obsolete in lucid-security
sudo (1.7.2p1-1ubuntu5.8) lucid-security; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
    - http://www.sudo.ws/repos/sudo/rev/650ac6938b59
    - http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
    - http://www.sudo.ws/repos/sudo/rev/91859f613b88
    - http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 12:21:20 -0400
Superseded in precise-updates
Superseded in precise-security
sudo (1.8.3p1-1ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c.
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 11:32:42 -0400
Obsolete in utopic-updates
Obsolete in utopic-security
sudo (1.8.9p5-1ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
      doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
      plugins/sudoers/env.c.
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 11:20:35 -0400
Superseded in trusty-updates
Superseded in trusty-security
sudo (1.8.9p5-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
      doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
      plugins/sudoers/env.c.
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 11:21:06 -0400
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
sudo (1.8.9p5-1ubuntu5) vivid; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
      doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
      plugins/sudoers/env.c.
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden>   Thu, 12 Mar 2015 10:45:21 -0400
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
sudo (1.8.9p5-1ubuntu4) vivid; urgency=medium

  * Correct sudo.pam to use "session" for pam_env.so, not "auth". (LP:
    #155794, LP: #25700)
 -- Dimitri John Ledkov <email address hidden>   Tue, 23 Dec 2014 04:08:33 +0000
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
sudo (1.8.9p5-1ubuntu3) vivid; urgency=medium

  * debian/patches/also_check_sudo_group.diff: also check the sudo group
    in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
    admin group check for backwards compatibility. (LP: #1387347)
 -- Marc Deslauriers <email address hidden>   Wed, 29 Oct 2014 15:55:34 -0400
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
sudo (1.8.9p5-1ubuntu2) utopic; urgency=medium

  * debian/sudo_root.8: mention sudo group instead of deprecated group
    admin (LP: #1130643)
 -- Andrey Bondarenko <email address hidden>   Sat, 23 Aug 2014 01:18:05 +0600
Obsolete in saucy-updates
Obsolete in saucy-security
sudo (1.8.6p3-0ubuntu3.1) saucy-security; urgency=medium

  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden>   Tue, 11 Mar 2014 08:00:06 -0400
Obsolete in quantal-updates
Obsolete in quantal-security
sudo (1.8.5p2-1ubuntu1.2) quantal-security; urgency=medium

  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden>   Tue, 11 Mar 2014 07:58:51 -0400
Superseded in precise-updates
Superseded in precise-security
sudo (1.8.3p1-1ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden>   Tue, 11 Mar 2014 07:56:53 -0400
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.7) lucid-security; urgency=medium

  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - env.c: fix logic inversion
    - http://www.sudo.ws/repos/sudo/rev/748cefb49422
    - CVE-2014-0106
 -- Marc Deslauriers <email address hidden>   Mon, 10 Mar 2014 13:43:32 -0400
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
sudo (1.8.9p5-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + actually-use-buildflags: Pass LDFLAGS everywhere
      + add_probe_interfaces_setting.diff: option to disable network inf probe
  * add_probe_interfaces_setting.diff: fix to not modify NEWS file.

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
sudo (1.8.9p4-1ubuntu2) trusty; urgency=medium

  * Enable and refresh: actually-use-buildflags: Pass LDFLAGS everywhere
  * Add the ability to disable network interface probing. This fixes
    performance issues with large number of network interfaces (LP: #1272414)
 -- Chris J Arges <email address hidden>   Tue, 28 Jan 2014 05:07:02 -0600
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
sudo (1.8.9p4-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + actually-use-buildflags: Pass LDFLAGS everywhere

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
sudo (1.8.8-2ubuntu2) trusty; urgency=medium

  * Build using dh-autoreconf.
 -- Matthias Klose <email address hidden>   Sun, 15 Dec 2013 16:24:49 +0100

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
sudo (1.8.8-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + actually-use-buildflags: Pass LDFLAGS everywhere

Superseded in trusty-release
Obsolete in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
sudo (1.8.6p3-0ubuntu3) raring; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:26:26 -0500
Obsolete in hardy-updates
Obsolete in hardy-security
sudo (1.6.9p10-1ubuntu3.10) hardy-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in check.c.
    - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 14:28:45 -0500
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.6) lucid-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in check.c.
    - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:45:39 -0500
Obsolete in oneiric-updates
Obsolete in oneiric-security
sudo (1.7.4p6-1ubuntu2.2) oneiric-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in check.c.
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:38:01 -0500
Superseded in precise-updates
Superseded in precise-security
sudo (1.8.3p1-1ubuntu3.4) precise-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:34:15 -0500
Superseded in quantal-updates
Superseded in quantal-security
sudo (1.8.5p2-1ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden>   Wed, 27 Feb 2013 13:31:24 -0500
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
sudo (1.8.6p3-0ubuntu2) raring; urgency=low

  * The latest sssd upload dropped the soname from libsss_sudo.so, so we
    can now drop our sudo delta and just use libsss_sudo.so directly.
 -- Stephane Graber <email address hidden>   Fri, 07 Dec 2012 23:11:45 -0500
Superseded in lucid-updates
Deleted in lucid-proposed (Reason: moved to -updates)
sudo (1.7.2p1-1ubuntu5.5) lucid-proposed; urgency=low

  * toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
    - http://www.sudo.ws/repos/sudo/rev/164d39108dde
 -- Marc Deslauriers <email address hidden>   Thu, 22 Nov 2012 16:08:01 -0500
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
sudo (1.8.6p3-0ubuntu1) raring; urgency=low

  * New upstream release (1.8.6p3).
  * Add patch to fix building with sssd when ldap is disabled.
  * Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
    now does the right thing here.
  * Build the main sudo package with support for sssd, this doesn't add any
    additional build time or runtime dependency. sudo will dynamically load
    the sssd library if 'sss' is listed for the 'sudoers' nss service.
 -- Stephane Graber <email address hidden>   Fri, 16 Nov 2012 09:31:32 -0500
Superseded in raring-release
Obsolete in quantal-release
sudo (1.8.5p2-1ubuntu1) quantal; urgency=low

  * Merge from debian/testing (LP: #1024154), remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
      + install apport hooks
      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
        Debian however it requires a --enable-admin-flag configure flag to
        actually enable it in both flavours.
    - debian/control:
      + Mark Debian Vcs-* as XS-Debian-Vcs-*
      + update debian/control
    - debian/sudoers:
      + grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
  * Dropped changes:
    - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
      + Fixed upstream in 1.8.5
    - debian/patches/CVE-2012-2337.patch:
      + Fixed upstream in 1.8.4p5
    - debian/patches/pam_env_merge.patch:
      + Feature released upstream in 1.8.5
    - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}:
      + Drop Ubuntu-specific sudoers file migration code because the only
        upgrade path to quantal is from precise. All necessary sudoers file
        migration will have already been done by the time this version of the
        sudo package is installed.

Superseded in precise-updates
Deleted in precise-proposed (Reason: moved to -updates)
sudo (1.8.3p1-1ubuntu3.3) precise-proposed; urgency=low

  * debian/patches/pam_env_merge.patch: Merge the PAM environment into the
    user environment (LP: #982684)
  * debian/sudo.pam: Use pam_env to read /etc/environment and
    /etc/default/locale environment files. Reading ~/.pam_environment is not
    permitted due to security reasons.
 -- Tyler Hicks <email address hidden>   Mon, 21 May 2012 00:48:10 -0500
Superseded in quantal-release
sudo (1.8.3p2-1ubuntu2) quantal; urgency=low

  * debian/patches/pam_env_merge.patch: Merge the PAM environment into the
    user environment (LP: #982684)
  * debian/sudo.pam: Use pam_env to read /etc/environment and
    /etc/default/locale environment files. Reading ~/.pam_environment is not
    permitted due to security reasons.
 -- Tyler Hicks <email address hidden>   Mon, 21 May 2012 00:48:10 -0500
Superseded in quantal-release
sudo (1.8.3p2-1ubuntu1) quantal; urgency=low

  * Merge from debian/testing, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
    - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch
      + Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 in both flavours (Ubuntu specific)
      + install apport hooks
      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
        Debian however it requires a --enable-admin-flag configure flag to
        actually enable it in both flavours.
    - debian/control:
      + Mark Debian Vcs-* as XS-Debian-Vcs-*
      + update debian/control
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.preinst:
      + avoid conffile prompt by checking for known default /etc/sudoers
        and if found installing the correct default /etc/sudoers file.
        Modified for updated default sudoers. Approach taken is different
        from Debian. Maybe this should now be dropped, since an LTS was
        released.

  * Dropped changes:
    - debian/patches/CVE-2012-0809.patch:
      + dropped, included in this new upstream release.
    - debian/patches/enable_badpass.patch:
      + dropped as Debian chose to set this by default in the sudoers.

Superseded in quantal-release
sudo (1.8.3p1-1ubuntu5) quantal; urgency=low

  * SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
    values (LP: #1000276)
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Wed, 16 May 2012 09:42:17 -0500
Superseded in hardy-updates
Superseded in hardy-security
sudo (1.6.9p10-1ubuntu3.9) hardy-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - parse.c: Prevent IPv6 netmask-based address matching logic from
      incorrectly being applied to IPv4 addresses. Based on upstream patch
      written by Todd C. Miller.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.4) lucid-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - match.c: Prevent IPv6 netmask-based address matching logic from
      incorrectly being applied to IPv4 addresses. Based on upstream patch
      written by Todd C. Miller.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
Obsolete in natty-updates
Obsolete in natty-security
sudo (1.7.4p4-5ubuntu7.2) natty-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
Superseded in oneiric-updates
Superseded in oneiric-security
sudo (1.7.4p6-1ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
Superseded in precise-updates
Superseded in precise-security
sudo (1.8.3p1-1ubuntu3.2) precise-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden>   Tue, 15 May 2012 23:28:04 -0500
Superseded in precise-updates
Deleted in precise-proposed (Reason: moved to -updates)
sudo (1.8.3p1-1ubuntu3.1) precise-proposed; urgency=low

  * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
 -- TJ (Ubuntu Contributions) <email address hidden>   Mon, 30 Apr 2012 18:05:21 +0100
Superseded in quantal-release
sudo (1.8.3p1-1ubuntu4) quantal; urgency=low

  * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828)
 -- TJ (Ubuntu Contributions) <email address hidden>   Mon, 30 Apr 2012 17:55:27 +0100
Superseded in quantal-release
Published in precise-release
sudo (1.8.3p1-1ubuntu3) precise; urgency=low

  * SECURITY UPDATE: permissions bypass via format string
    - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
      in src/sudo.c.
    - CVE-2012-0809
 -- Marc Deslauriers <email address hidden>   Tue, 31 Jan 2012 10:25:52 -0500
Superseded in precise-release
sudo (1.8.3p1-1ubuntu2) precise; urgency=low

  * debian/sudo.preinst:
    - updated to avoid conffile prompt by migrating to the new sudoers file
      changes in Precise. (LP: #894410)
 -- Marc Deslauriers <email address hidden>   Thu, 24 Nov 2011 10:48:58 -0500
Superseded in precise-release
sudo (1.8.3p1-1ubuntu1) precise; urgency=low

  * Merge from debian/testing, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
    - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
      + attempting sudo without knowing a login password is as bad as not
        being listed in the sudoers file, especially if getting the password
        wrong means doing the access-check-email-notification never happens
        (rebased for 1.8.3p1)
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
        Debian however it requires a --enable-admin-flag configure flag to
        actually enable it.
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.preinst:
      + avoid conffile prompt by checking for known default /etc/sudoers
        and if found installing the correct default /etc/sudoers file

Superseded in precise-release
Obsolete in oneiric-release
sudo (1.7.4p6-1ubuntu2) oneiric; urgency=low

  * debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
    - attempting sudo without knowing a login password is as bad as not
      being listed in the sudoers file, especially if getting the password
      wrong means doing the access-check-email-notification never happens
      (Closes: 641218).
 -- Kees Cook <email address hidden>   Sun, 11 Sep 2011 10:29:08 -0700
Superseded in oneiric-release
sudo (1.7.4p6-1ubuntu1) oneiric; urgency=low

  * Merge from debian/unstable, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
  * drop debian/patches/CVE-2011-0010.patch, applied upstream now

Superseded in natty-updates
Deleted in natty-proposed (Reason: moved to -updates)
sudo (1.7.4p4-5ubuntu7.1) natty-proposed; urgency=low

  * debian/sudo.preinst:
    - if well-known ec2 vmbuilder file is found, write a file in
      sudoers.d for the 'ubuntu' user (LP: #768625)
 -- Scott Moser <email address hidden>   Thu, 21 Apr 2011 18:04:34 -0400
Superseded in oneiric-release
sudo (1.7.4p4-5ubuntu8) oneiric; urgency=low

  * debian/sudo.preinst:
    - if well-known ec2 vmbuilder file is found, write a file in
      sudoers.d for the 'ubuntu' user (LP: #768625)
 -- Scott Moser <email address hidden>   Thu, 21 Apr 2011 18:04:34 -0400
Superseded in oneiric-release
Obsolete in natty-release
sudo (1.7.4p4-5ubuntu7) natty; urgency=low

  * debian/sudo.preinst:
    - do not consider the ec2 vmbuilder default sudoers file
      verbatim as it's actually customized (LP: #761689)
 -- Michael Vogt <email address hidden>   Fri, 15 Apr 2011 16:40:10 +0200
Superseded in natty-release
sudo (1.7.4p4-5ubuntu6) natty; urgency=low

  * debian/patches/keep_home_by_default.patch: Set HOME in
    initial_keepenv_table.  LP: #760140
 -- Steve Langasek <email address hidden>   Wed, 13 Apr 2011 12:32:25 -0700
Superseded in natty-release
sudo (1.7.4p4-5ubuntu5) natty; urgency=low

  * debian/sudo.preinst:
    - avoid conffile prompt by checking for known default /etc/sudoers
      and if found installing the correct default /etc/sudoers file
      (LP: #690873)
 -- Michael Vogt <email address hidden>   Fri, 25 Mar 2011 09:13:43 +0100
Superseded in natty-release
sudo (1.7.4p4-5ubuntu4) natty; urgency=low

  * debian/rules: The ubuntu-sudo-as-admin-successful.patch was taken
    upstream by Debian however it requires a --enable-admin-flag configure
    flag to actually enable it.
    (LP: #706045)
 -- Bryce Harrington <email address hidden>   Thu, 10 Feb 2011 12:01:53 -0800
Superseded in natty-release
sudo (1.7.4p4-5ubuntu3) natty; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - debian/patches/CVE-2011-0010.patch: prompt for password when the user is
      running sudo as himself but as a different group
    - CVE-2011-0010
 -- Jamie Strandboge <email address hidden>   Tue, 18 Jan 2011 16:37:09 -0600
Obsolete in maverick-updates
Obsolete in maverick-security
sudo (1.7.2p7-1ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - debian/patches/user_in_group.patch: add user_in_group(), backported from
      upstream
    - debian/patches/CVE-2011-0010.patch: prompt for password when the user is
      running sudo as himself but as a different group
    - CVE-2011-0010
 -- Jamie Strandboge <email address hidden>   Wed, 19 Jan 2011 10:30:27 -0600
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Backported from fe8a94f96542.
    - CVE-2011-0010
 -- Jamie Strandboge <email address hidden>   Wed, 19 Jan 2011 10:39:09 -0600
Obsolete in karmic-updates
Obsolete in karmic-security
sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Based on fe8a94f96542.
    - CVE-2011-0010
 -- Jamie Strandboge <email address hidden>   Wed, 19 Jan 2011 10:46:05 -0600
Superseded in natty-release
sudo (1.7.4p4-5ubuntu2) natty; urgency=low

  * debian/sudoers: temporarily work around LP #690873 by adding %admin
    into the default sudoers file in case people just say "yes" to the
    dpkg conffile prompt.
 -- Kees Cook <email address hidden>   Wed, 15 Dec 2010 15:38:17 -0800
Superseded in natty-release
sudo (1.7.4p4-5ubuntu1) natty; urgency=low

  * Merge from debian unstable (LP: #689025), remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
    - debian/sudo-ldap.dirs, debian/sudo.dirs: add
      usr/share/apport/package-hooks
  * This upload also fixes: LP: #609645

Superseded in natty-release
sudo (1.7.2p7-1ubuntu3) natty; urgency=low

  * No-change upload to drop sizable upstream changelog.
 -- Martin Pitt <email address hidden>   Mon, 22 Nov 2010 11:24:33 +0100
Superseded in karmic-updates
Superseded in karmic-security
sudo (1.7.0-1ubuntu2.5) karmic-security; urgency=low

  * SECURITY UPDATE: privilege escalation via '-g' option when using
    'user:group' in Runas_Spec
    - update match.c to verify both user and group match sudoers when using
      '-g'. Based on patch from upstream.
    - CVE-2010-2956
 -- Jamie Strandboge <email address hidden>   Tue, 31 Aug 2010 15:55:00 -0500
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via '-g' option when using
    'user:group' in Runas_Spec
    - update match.c to verify both user and group match sudoers when using
      '-g'. Patch thanks to upstream.
    - CVE-2010-2956
 -- Jamie Strandboge <email address hidden>   Tue, 31 Aug 2010 15:16:00 -0500
Superseded in natty-release
Obsolete in maverick-release
sudo (1.7.2p7-1ubuntu2) maverick; urgency=low

  * SECURITY UPDATE: privilege escalation via '-g' option when using
    'user:group' in Runas_Spec
    - debian/patches/CVE-2010-2956.patch: update match.c to verify both user
      and group match sudoers when using '-g'
    - CVE-2010-2956
 -- Jamie Strandboge <email address hidden>   Tue, 31 Aug 2010 14:54:06 -0500
Superseded in maverick-release
sudo (1.7.2p7-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable.  Remaining changes:
   - debian/rules:
     - compile with --without-lecture --with-tty-tickets (Ubuntu specific)
     - install man/man8/sudo_root.8 (Ubuntu specific)
     - install apport hooks
   - debian/sudo-ldap.dirs, debian/sudo.dirs: add
     usr/share/apport/package-hooks
   - debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so
     that if the user successfully authenticated and he is in the 'admin'
     group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
     profile checks for this and displays a short intro about sudo if the flag
     is not present
  * Dropped the following, now included upstream:
    - fix for CVE-2010-1163
    - fix for CVE-2010-0426
    - debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
      match behavior in sudoers file
    - don't install init script. Debian moved to /var/lib/sudo from
      /var/run/sudo, so Ubuntu's tmpfs usage won't clean those out
      automatically any more, so we now need the initscript.

Superseded in karmic-updates
Superseded in karmic-security
sudo (1.7.0-1ubuntu2.4) karmic-security; urgency=low

  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - Adapted http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
    - CVE-2010-1646
 -- Jamie Strandboge <email address hidden>   Mon, 28 Jun 2010 16:41:06 -0500
Superseded in lucid-updates
Superseded in lucid-security
sudo (1.7.2p1-1ubuntu5.1) lucid-security; urgency=low

  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
    - CVE-2010-1646
 -- Jamie Strandboge <email address hidden>   Fri, 18 Jun 2010 14:00:54 -0500
Obsolete in jaunty-updates
Obsolete in jaunty-security
sudo (1.6.9p17-1ubuntu3.3) jaunty-security; urgency=low

  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
    - CVE-2010-1646
 -- Jamie Strandboge <email address hidden>   Fri, 18 Jun 2010 13:59:38 -0500
Superseded in hardy-updates
Superseded in hardy-security
sudo (1.6.9p10-1ubuntu3.8) hardy-security; urgency=low

  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
    - CVE-2010-1646
 -- Jamie Strandboge <email address hidden>   Fri, 18 Jun 2010 13:57:12 -0500
Obsolete in dapper-updates
Obsolete in dapper-security
sudo (1.6.8p12-1ubuntu6.3) dapper-security; urgency=low

  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
    - CVE-2010-1646
 -- Jamie Strandboge <email address hidden>   Fri, 18 Jun 2010 14:11:17 -0500
Superseded in dapper-updates
Superseded in dapper-security
sudo (1.6.8p12-1ubuntu6.2) dapper-security; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX
 -- Jamie Strandboge <email address hidden>   Tue, 13 Apr 2010 12:21:57 -0500