lp:ubuntu/lucid-proposed/sudo

Created by Ubuntu Package Importer and last modified
Get this branch: bzr branch lp:ubuntu/lucid-proposed/sudo

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

41. By Marc Deslauriers

* toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
  - http://www.sudo.ws/repos/sudo/rev/164d39108dde

40. By Tyler Hicks

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - match.c: Prevent IPv6 netmask-based address matching logic from
    incorrectly being applied to IPv4 addresses. Based on upstream patch
    written by Todd C. Miller.
  - CVE-2012-2337

39. By Jamie Strandboge

* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
  - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
    48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
    only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
    Going forward, will need to look at this code also if a flaw is found in
    this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
    and 6ebc55d4716b.
  - check.c: prompt for password when the user is running sudo as himself
    but as a different group. Backported from fe8a94f96542.
  - CVE-2011-0010

38. By Jamie Strandboge

* SECURITY UPDATE: privilege escalation via '-g' option when using
  'user:group' in Runas_Spec
  - update match.c to verify both user and group match sudoers when using
    '-g'. Patch thanks to upstream.
  - CVE-2010-2956

37. By Jamie Strandboge

* SECURITY UPDATE: properly handle multiple PATH variables when using
  secure_path in env.c
  - http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
  - CVE-2010-1646

36. By Jamie Strandboge

* SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
  pseudo-command when running from the current working directory and
  secure_path is disabled
  - CVE-2010-XXXX

35. By Martin Pitt

env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
EBW hack, caused inconsistencies with other proxy variables (such as
https_proxy and ftp_proxy), made sudo incompatible to upstream
behaviour/documentation. This is solved in a much better way in apt itself
and gnome-network-properties now. (LP: #432631)

34. By Marc Deslauriers

debian/sudo.postinst, debian/sudo-ldap.postinst: update description to
match behaviour in sudoers file. (LP: #534090)

33. By Jamie Strandboge

* SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command
  in match.c
  - http://sudo.ws/repos/sudo/rev/88f3181692fe
  - CVE-2010-0426

32. By Marc Deslauriers

* Merge from debian testing. Remaining changes:
 - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
   specific)
 - Add debian/sudo_root.8: Explanation of root handling through sudo.
   Install it in debian/rules. (Ubuntu specific)
 - sudo.c: If the user successfully authenticated and he is in the 'admin'
   group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
   profile checks for this and displays a short intro about sudo if the
   flag is not present. (Ubuntu specific)
 - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept
   for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at
   some point)
 - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script
   installation. Debian reintroduced it because /var/run tmpfs is not the
   default there, but has been on Ubuntu for ages.
 - debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/raring/sudo
This branch contains Public information 