-
sudo (1.8.10p3-1+deb8u5) jessie; urgency=medium
* Non-maintainer upload.
* Use /proc/self consistently on Linux
* CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
-- Salvatore Bonaccorso <email address hidden> Tue, 08 Aug 2017 21:44:31 +0200
-
sudo (1.8.10p3-1+deb8u4) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2017-1000367: Fix parsing of /proc/[pid]/stat
-- Salvatore Bonaccorso <email address hidden> Sun, 28 May 2017 13:25:43 +0200
-
sudo (1.8.10p3-1+deb8u3) jessie-security; urgency=medium
* Non-maintainer upload
* Disable editing of files via user-controllable symlinks
  (Closes: #804149) (CVE-2015-5602)
  - sudoedit path restriction bypass using symlinks
  - Change warning when user tries to sudoedit a symbolic link
  - Open sudoedit files with O_NONBLOCK and fail if they are not regular files
  - Remove S_ISREG check from sudo_edit_open(), it is already done in the
    caller
  - Add directory writability checks for sudoedit
  - Fix directory writability checks for sudoedit
  - Enable sudoedit directory writability checks by default
-- Ben Hutchings <email address hidden> Tue, 05 Jan 2016 19:37:34 +0000
-
sudo (1.8.10p3-1+deb8u2) testing-proposed-updates; urgency=medium
* Non-maintainer upload.
[ Salvatore Bonaccorso ]
* Add CVE-2014-9680-1.patch patch.
  CVE-2014-9680: unsafe handling of TZ environment variable. (Closes: #772707)
* Add CVE-2014-9680-2.patch patch.
  Documents that a leading ':' is skipped when checking TZ for a
  fully-qualified path name.
[ Christian Kastner ]
* In the *.preinst scripts, make sure that dpkg --compare-versions actually
  has two versions to compare. Closes: #776137
* Also in the *.preinst scripts, make sure that /etc/sudoers exists before
  attempting to chown/chmod it
* Include patch from Jakub Wilk to fix 'ignoring time stamp from the
  future' messages. Closes: #764817
-- Christian Kastner <email address hidden> Sun, 01 Mar 2015 18:56:17 +0100
-
sudo (1.8.10p3-1+deb8u1) testing-proposed-updates; urgency=medium
* Non-maintainer upload.
* Backport upstream's fix for host specifications using a FQDN. These were
  no longer working since 1.8.8. Closes: #731583
-- Christian Kastner <email address hidden> Sat, 17 Jan 2015 15:39:31 +0100
-
sudo (1.8.10p3-1) unstable; urgency=low
* new upstream release
* add hardening=+all to match login and su
* updated VCS URLs and crypto verified watch file, closes: #747473
* harmonize configure options for LDAP version to match non-LDAP version,
  in particular stop using --with-secure-path and add configure_args
* enable audit support on Linux systems, closes: #745779
* follow upstream change from --with-timedir to --with-rundir
-- Bdale Garbee <email address hidden> Sun, 14 Sep 2014 10:20:15 -0600
-
sudo (1.8.9p5-1) unstable; urgency=low
* new upstream release, closes: #735328
-- Bdale Garbee <email address hidden> Tue, 04 Feb 2014 11:46:19 -0700
-
sudo (1.8.9p4-1) unstable; urgency=low
* new upstream release, closes: #732008
-- Bdale Garbee <email address hidden> Wed, 15 Jan 2014 14:55:25 -0700
-
sudo (1.8.8-2) unstable; urgency=low
* fix touch errors on boot, closes: #725193
-- Bdale Garbee <email address hidden> Tue, 08 Oct 2013 20:11:38 -0600
-
sudo (1.8.7-3) unstable; urgency=low
* use --with-sssd-lib to help sudo find libsss-sudo in multiarch path,
  closes: #719987
-- Bdale Garbee <email address hidden> Sat, 17 Aug 2013 15:38:53 +0200
-
sudo (1.8.5p2-1+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-1775: authentication bypass when the clock is set to the UNIX
  epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
* Fix CVE-2013-1776: session id hijacking from another authorized tty
  (closes: #701839).
-- Michael Gilbert <email address hidden> Fri, 01 Mar 2013 03:26:37 +0000