-
sudo (1.6.9p17-1ubuntu3.3) jaunty-security; urgency=low
* SECURITY UPDATE: properly handle multiple PATH variables when using
secure_path in env.c
- http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
- CVE-2010-1646
-- Jamie Strandboge <email address hidden> Fri, 18 Jun 2010 13:59:38 -0500
-
sudo (1.6.9p17-1ubuntu3.2) jaunty-security; urgency=low
* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
pseudo-command when running from the current working directory and
secure_path is disabled
- CVE-2010-XXXX
-- Jamie Strandboge <email address hidden> Wed, 07 Apr 2010 15:38:30 -0500
-
sudo (1.6.9p17-1ubuntu3.1) jaunty-security; urgency=low
* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
in parse.c
- http://sudo.ws/repos/sudo/rev/f86e1b56d074
- CVE-2010-0426
* SECURITY UPDATE: reset cached supplementary runas groups when changing
the runas user in set_perms.c and sudo.c
- http://sudo.ws/repos/sudo/rev/aa0b6c01c462
- CVE-2010-0427
-- Jamie Strandboge <email address hidden> Wed, 24 Feb 2010 17:02:33 -0600
-
sudo (1.6.9p17-1ubuntu3) jaunty; urgency=low
* SECURITY UPDATE: privilege escalation via non-default system groups.
- parse.c: upstream fix for CVE-2009-0034:
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22
-- Kees Cook <email address hidden> Mon, 16 Feb 2009 12:13:47 -0800
-
sudo (1.6.9p17-1ubuntu2) intrepid; urgency=low
* sudo.c: Drop usage of locale again, to revert back to the 1.6.8 behaviour.
fnmatch() and glob() behave differently under different locales and thus
cause undefined behaviour with (admittedly underspecified) character range
globs such as "[a-Z]". Patch taken from upstream CVS, see
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=296 (LP: #228046)
-- Martin Pitt <email address hidden> Mon, 01 Sep 2008 15:05:52 +0200
