lp:ubuntu/hardy-updates/sudo

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

28. By Marc Deslauriers on 2013-02-27

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
  - CVE-2013-1775

27. By Tyler Hicks on 2012-05-15

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - parse.c: Prevent IPv6 netmask-based address matching logic from
    incorrectly being applied to IPv4 addresses. Based on upstream patch
    written by Todd C. Miller.
  - CVE-2012-2337

26. By Jamie Strandboge on 2010-06-18

* SECURITY UPDATE: properly handle multiple PATH variables when using
  secure_path in env.c
  - http://www.sudo.ws/repos/sudo/raw-rev/3057fde43cf0
  - CVE-2010-1646

25. By Jamie Strandboge on 2010-04-13

* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
  pseudo-command when running from the current working directory and
  secure_path is disabled
  - CVE-2010-XXXX

24. By Jamie Strandboge on 2010-02-25

* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
  in parse.c
  - http://sudo.ws/repos/sudo/rev/f86e1b56d074
  - CVE-2010-0426
* SECURITY UPDATE: reset cached supplementary runas groups when changing
  the runas user in set_perms.c and sudo.c
  - http://sudo.ws/repos/sudo/rev/aa0b6c01c462
  - CVE-2010-0427

23. By Kees Cook on 2009-02-16

* SECURITY UPDATE: privilege escalation via non-default system groups.
  - parse.c: upstream fix for CVE-2009-0034:
    http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

22. By Martin Pitt on 2008-02-25

env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
for "sudo apt-get ...". This is an EBW workaround for a design problem of
not having a system-wide proxy setting, but in order to not break existing
practice for upgrades we have to live with it for Hardy.

21. By Steve Langasek on 2008-01-22

No-change rebuild against libldap-2.4-2.

20. By Martin Pitt on 2008-01-02

* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
    specific)
  - Add debian/sudo_root.8: Explanation of root handling through sudo.
    Install it in debian/rules. (Ubuntu specific)
  - sudo.c: If the user successfully authenticated and he is in the 'admin'
    group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
    profile checks for this and displays a short intro about sudo if the
    flag is not present. (Ubuntu specific)
* The password prompt asks for the target user's password now, not the
  invoking one's. (LP: #148498)

19. By Martin Pitt on 2007-12-04

* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/prerm: Abort package removal if there is no root password.
    (Debian #451241).
  - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
    specific)
  - Add debian/sudo_root.8: Explanation of root handling through sudo.
    Install it in debian/rules. (Ubuntu specific)
  - sudo.c: If the user successfully authenticated and he is in the 'admin'
    group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
    profile checks for this and displays a short intro about sudo if the
    flag is not present. (Ubuntu specific)
* sudo.c, parse.c: Apply a change that was missing from the older upstream
  tarball that fixes the upstream solution of "SETENV is implicit for ALL".
  We do not want to deviate our orig.tar.gz from Debian's, though.