sudo (1.9.13p1-1ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: double free with per-command chroot sudoers rules
    - debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in
      MANIFEST, plugins/sudoers/match_command.c,
      plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
      plugins/sudoers/regress/testsudoers/test20.out.ok,
      plugins/sudoers/regress/testsudoers/test20.sh,
      plugins/sudoers/testsudoers.c,
      plugins/sudoers/visudo.c.
    - CVE-2023-27320

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 08:51:34 -0500
-
sudo (1.9.13p1-1ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
      necessary.
    - debian/etc/pam.d/sudo[-i]:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due
        to security reasons.
    - debian/etc/sudoers:
      + also grant admin group sudo access
      + include /snap/bin in the secure_path
    - debian/tests/control: 03-getroot-ldap:
      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
    - debian/control:
      + Drop Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
        (for context see LP: 1915250)
    - Drop patches for issues fixed upstream
      + d/p/CVE-2023-22809.patch
      + d/p/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch
sudo (1.9.13p1-1) unstable; urgency=medium

  * new upstream version 1.9.13p1
  * remove unnecessary changelog creation patch
  * remove lsb-base from dependencies
sudo (1.9.12p2-1) unstable; urgency=high

  * new upstream version 1.9.12p2
  * this fixes CVE-2023-22809:
    Sudoedit can edit arbitrary files
sudo (1.9.12p1-1) unstable; urgency=low

  * new upstream version 1.9.12p1
  * update patches
  * update debian/copyright
  * Add upstream patch to silence libgcrypt error message.
    Thanks to Francesco P. Lovergine (Closes: #1019428)
  * Standards-Version: 4.6.2 (no changes necessary)
  * clean out obsolete lintian overrides
  * Add patch to disable regeneration of upstream ChangeLog from git.
    Thanks to Gioele Barabucci (Closes: #1025740)
  * remove extra whitespace from debconf-get-selections output.
  * add autopkgtest for sudo with sssd (Closes: #1004910)

  [ Niels Thykier ]
  * Support building sudo without (fake)root.

  [ Gioele Barabucci ]
  * Use dh_installnss to add ldap to sudoers NSS database
  * Add libnss-sudo package. (Closes: #1023524)

 -- Danilo Egea Gondolfo <email address hidden> Mon, 20 Feb 2023 17:38:07 +0000
-
sudo (1.9.11p3-1ubuntu3) lunar; urgency=medium

  * SECURITY UPDATE: arbitrary file overwrite via sudoedit
    - debian/patches/CVE-2023-22809.patch: do not permit editor arguments
      to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
      plugins/sudoers/visudo.c.
    - CVE-2023-22809

 -- Marc Deslauriers <email address hidden> Wed, 18 Jan 2023 12:46:34 -0500
-
sudo (1.9.11p3-1ubuntu2) lunar; urgency=medium

  * No-change rebuild against libldap-2

 -- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:57:01 +0000
-
sudo (1.9.11p3-1ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/control:
      + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1)
    - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8
    - debian/sudo[-ldap].init: delete init scripts, as they are no longer
      necessary.
    - debian/etc/pam.d/sudo[-i]:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due
        to security reasons.
    - debian/etc/sudoers:
      + also grant admin group sudo access
      + include /snap/bin in the secure_path
    - debian/tests/control: 03-getroot-ldap:
      + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes)
    - Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the
      correct theme (LP: #1958055)
sudo (1.9.11p3-1) unstable; urgency=low

  * new upstream version 1.9.11p3

 -- Benjamin Drung <email address hidden> Tue, 23 Aug 2022 10:06:34 +0200