-
sudo (1.8.5p2-1+nmu3+deb7u1) wheezy-security; urgency=medium
* Non-maintainer upload
* Fix CVE-2014-9680-{1,2}.patch to edit sudoers.pod, not just the
generated docs
* Disable editing of files via user-controllable symlinks
(Closes: #804149) (CVE-2015-5602)
- sudoedit path restriction bypass using symlinks
- Change warning when user tries to sudoedit a symbolic link
- Open sudoedit files with O_NONBLOCK and fail if they are not regular files
- Remove S_ISREG check from sudo_edit_open(), it is already done in the
caller
- Add directory writability checks for sudoedit
- Fix directory writability checks for sudoedit
- Enable sudoedit directory writability checks by default
-- Ben Hutchings <email address hidden> Tue, 05 Jan 2016 18:48:03 +0000
-
sudo (1.8.5p2-1+nmu3) wheezy; urgency=medium
* Non-maintainer upload with maintainer approval.
* Backport from 1.8.7-1: "recognize lenny and squeeze unmodified sudoers" to
avoid dpkg questions about modified conffiles on upgrades to wheezy.
(Closes: #660594)
* *.preinst: Recognize the unmodified /etc/sudoers from sudo-ldap/lenny.
-- Andreas Beckmann <email address hidden> Thu, 30 Apr 2015 21:22:34 +0200
-
sudo (1.8.5p2-1+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
* Fix cve-2013-1776: session id hijacking from another authorized tty
(closes: #701839).
-- Michael Gilbert <email address hidden> Fri, 01 Mar 2013 03:26:37 +0000
-
sudo (1.8.5p2-1) unstable; urgency=low
* new upstream version
* patch to use flock on hurd, run autoconf in rules, closes: #655883
* patch to avoid calling unlink with null pointer on hurd, closes: #655948
* patch to actually use hardening build flags, closes: #655417
* fix sudo-ldap.postinst syntax issue, closes: #669576
-- Bdale Garbee <email address hidden> Thu, 28 Jun 2012 12:01:37 -0600
-
sudo (1.8.3p2-1.1) unstable; urgency=high
* Non-maintainer upload.
* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
values (LP: #1000276, Closes: #673766, CVE-2012-2337)
- debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
addresses. Based on upstream patch.
-- Dmitrijs Ledkovs <email address hidden> Tue, 22 May 2012 12:23:00 +0100
-
sudo (1.8.3p2-1) unstable; urgency=high
* new upstream version, closes: #657985 (CVE-2012-0809)
* patch from Pino Toscano to only use selinux on Linux, closes: #655894
-- Bdale Garbee <email address hidden> Mon, 30 Jan 2012 16:11:54 -0700
-
sudo (1.8.3p1-2) unstable; urgency=low
* if upgrading from squeeze, and the sudoers file is unmodified, avoid
the packaging system prompting the user about a change they didn't make
now that sudoers is a conffile, closes: #612532, #636049
* add a recommendation for the use of visudo to the sudoers.d/README file,
closes: #648104
-- Bdale Garbee <email address hidden> Sat, 12 Nov 2011 16:27:13 -0700
-
sudo (1.8.3p1-1) unstable; urgency=low
* new upstream version, closes: #646478
-- Bdale Garbee <email address hidden> Thu, 27 Oct 2011 01:03:44 +0200
-
sudo (1.8.2-2) unstable; urgency=low
[ Luca Capello ]
* debian/rules improvements, closes: #642535
+ mv upstream sample.* files to the examples folder.
- do not call dh_installexamples.
[ Bdale Garbee ]
* patch from upstream for SIGBUS on sparc64, closes: #640304
* use common-session-noninteractive in the pam config to reduce log noise
when sudo is used in cron, etc, closes: #519700
* patch from Steven McDonald to fix segfault on startup under certain
conditions, closes: #639568
* add a NEWS entry regarding the secure_path change made in 1.8.2-1,
closes: #639336
-- Bdale Garbee <email address hidden> Mon, 26 Sep 2011 21:55:56 -0600
-
sudo (1.8.2-1) unstable; urgency=low
* new upstream version, closes: #637449, #621830
* include common-session in pam config, closes: #519700, #607199
* move secure_path from configure to default sudoers, closes: #85123, 85917
* improve sudoers self-documentation, closes: #613639
* drop --disable-setresuid since modern systems should not run 2.2 kernels
* lose the --with-devel configure option since it's breaking builds in
subdirectories for some reason
-- Bdale Garbee <email address hidden> Wed, 24 Aug 2011 13:33:11 -0600
-
sudo (1.7.4p6-1) unstable; urgency=low
* new upstream version
* touch the right stamp name after configuring, closes: #611287
* patch from Svante Signell to fix build problem on Hurd, closes: #611290
-- Bdale Garbee <email address hidden> Wed, 09 Feb 2011 11:32:58 -0700
-
sudo (1.7.4p4-6) unstable; urgency=low
* update /etc/sudoers.d/README now that sudoers is a conffile
* patch from upstream to fix special case in password checking code when
only the gid is changing, closes: #609641
-- Bdale Garbee <email address hidden> Tue, 11 Jan 2011 10:22:39 -0700