lp:ubuntu/precise-security/sudo
- Get this branch: bzr branch lp:ubuntu/precise-security/sudo
Recent revisions
- 58. By Marc Deslauriers
  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c.
    - CVE-2014-9680
- 57. By Marc Deslauriers
  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
- 56. By Marc Deslauriers
  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775
- 55. By Tyler Hicks
  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
- 54. By Marc Deslauriers
  * SECURITY UPDATE: permissions bypass via format string
    - debian/patches/CVE-2012-0809.patch: fix format string vulnerability
      in src/sudo.c.
    - CVE-2012-0809
- 53. By Marc Deslauriers
  * debian/sudo.preinst:
    - updated to avoid conffile prompt by migrating to the new sudoers file
      changes in Precise. (LP: #894410)
- 52. By Marc Deslauriers
  * Merge from debian/testing, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1)
    - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
      + attempting sudo without knowing a login password is as bad as not
        being listed in the sudoers file, especially if getting the password
        wrong means doing the access-check-email-notification never happens
        (rebased for 1.8.3p1)
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
      + The ubuntu-sudo-as-admin-successful.patch was taken upstream by
        Debian however it requires a --enable-admin-flag configure flag to
        actually enable it.
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.preinst:
      + avoid conffile prompt by checking for known default /etc/sudoers
        and if found installing the correct default /etc/sudoers file
- 51. By Kees Cook
  * debian/patches/enable_badpass.patch: turn on "mail_badpass" by default:
    - attempting sudo without knowing a login password is as bad as not
      being listed in the sudoers file, especially if getting the password
      wrong means doing the access-check-email-notification never happens
      (Closes: 641218).
- 50. By Michael Vogt
  * Merge from debian/unstable, remaining changes:
    - debian/patches/keep_home_by_default.patch:
      + Set HOME in initial_keepenv_table.
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets (Ubuntu specific)
      + install man/man8/sudo_root.8 (Ubuntu specific)
      + install apport hooks
    - debian/sudoers:
      + grant admin group sudo access
    - debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
  * drop debian/patches/CVE-2011-0010.patch, applied upstream now
- 49. By Scott Moser
  * debian/sudo.preinst:
    - if well-known ec2 vmbuilder file is found, write a file in
      sudoers.d for the 'ubuntu' user (LP: #768625)
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/quantal/sudo