ubuntu/+source/sudo:ubuntu/lucid-updates

Last commit made on 2015-03-16
Get this branch:
git clone -b ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/sudo

Branch information

Name: ubuntu/lucid-updates
Repository: lp:ubuntu/+source/sudo

Recent commits

18c7b47... by Marc Deslauriers on 2015-03-12

Import patches-unapplied version 1.7.2p1-1ubuntu5.8 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 14d47378dfff3c89f5db84122f1f85278b5a98f7

New changelog entries:
  * SECURITY UPDATE: arbitrary file access via TZ
    - configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c: sanity check TZ env variable.
    - http://www.sudo.ws/repos/sudo/rev/650ac6938b59
    - http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0
    - http://www.sudo.ws/repos/sudo/rev/91859f613b88
    - http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
    - CVE-2014-9680

14d4737... by Marc Deslauriers on 2014-03-10

Import patches-unapplied version 1.7.2p1-1ubuntu5.7 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 05d4d20b4212317d771e3cc95ef9946bc8879a96

New changelog entries:
  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - env.c: fix logic inversion
    - http://www.sudo.ws/repos/sudo/rev/748cefb49422
    - CVE-2014-0106

05d4d20... by Marc Deslauriers on 2013-02-27

Import patches-unapplied version 1.7.2p1-1ubuntu5.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 1df9541fc5f44f19ac02db78ac45748359f4f480

New changelog entries:
  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in check.c.
    - backported from ddf399e3e306ca238f6f1cda8153889b15bba12e
    - CVE-2013-1775

1df9541... by Marc Deslauriers on 2012-11-22

Import patches-unapplied version 1.7.2p1-1ubuntu5.5 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 73af2ef010f38cf1fb57e6921b8acf34819b3b74

New changelog entries:
  * toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786)
    - http://www.sudo.ws/repos/sudo/rev/164d39108dde

73af2ef... by Tyler Hicks on 2012-05-16

Import patches-unapplied version 1.7.2p1-1ubuntu5.4 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 76f605c6c625f030e6eeefb2e3468ba08cd82741

New changelog entries:
  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - match.c: Prevent IPv6 netmask-based address matching logic from
      incorrectly being applied to IPv4 addresses. Based on upstream patch
      written by Todd C. Miller.
    - CVE-2012-2337

76f605c... by Jamie Strandboge on 2011-01-19

Import patches-unapplied version 1.7.2p1-1ubuntu5.3 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e1c82b7cab195ec78cef96a01f376d45444a9edf

New changelog entries:
  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Backported from fe8a94f96542.
    - CVE-2011-0010

e1c82b7... by Jamie Strandboge on 2010-08-31

Import patches-unapplied version 1.7.2p1-1ubuntu5.2 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 268c5d7d638352fa0e53c37a80384a5f4a2c234a

New changelog entries:
  * SECURITY UPDATE: privilege escalation via '-g' option when using
    'user:group' in Runas_Spec
    - update match.c to verify both user and group match sudoers when using
      '-g'. Patch thanks to upstream.
    - CVE-2010-2956

268c5d7... by Jamie Strandboge on 2010-06-18

Import patches-unapplied version 1.7.2p1-1ubuntu5.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8ea089444129491094386c28ae7b5ea452aadb34

New changelog entries:
  * SECURITY UPDATE: properly handle multiple PATH variables when using
    secure_path in env.c
    - http://www.sudo.ws/repos/sudo/raw-rev/a09c6812eaec
    - CVE-2010-1646

8ea0894... by Jamie Strandboge on 2010-04-07

Import patches-unapplied version 1.7.2p1-1ubuntu5 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 820967ac3898955f3fbede6b91dbbbeebdb913c3

New changelog entries:
  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX

820967a... by Martin Pitt on 2010-03-26

Import patches-unapplied version 1.7.2p1-1ubuntu4 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: c7c723ffbfa80a0c72b264d011032cada059729f

New changelog entries:
  * env.c: Revert addition of "http_proxy" again. This was an Ubuntu specific
    EBW hack, caused inconsistencies with other proxy variables (such as
    https_proxy and ftp_proxy), made sudo incompatible to upstream
    behaviour/documentation. This is solved in a much better way in apt itself
    and gnome-network-properties now. (LP: #432631)