---
- branch: pkgsrc-2010Q1
  date: Sat Jun  5 06:16:43 UTC 2010
  files:
  - new: 1.119.2.2
    old: 1.119.2.1
    path: pkgsrc/security/sudo/Makefile
    pathrev: pkgsrc/security/sudo/Makefile@1.119.2.2
    type: modified
  - new: 1.61.2.2
    old: 1.61.2.1
    path: pkgsrc/security/sudo/distinfo
    pathrev: pkgsrc/security/sudo/distinfo@1.61.2.2
    type: modified
  id: 20100605T061643Z.b8a3b53f7f6063caf5395077c90cc60bffc7e1cd
  log: "Pullup ticket 3137 - requested by kefren\nsecurity update\n\nRevisions pulled
    up:\n- pkgsrc/security/sudo/Makefile\t1.121\n- pkgsrc/security/sudo/distinfo\t1.63\n\n
    \  -------------------------------------------------------------------------\n
    \  Module Name:    pkgsrc\n   Committed By:   taca\n   Date:           Thu Jun
    \ 3 14:53:14 UTC 2010\n\n   Modified Files:\n           pkgsrc/security/sudo:
    Makefile distinfo\n\n   Log Message:\n   Update security/sudo package to 1.7.2p7.\n\n
    \  For more detail: http://www.sudo.ws/sudo/alerts/secure_path.html\n\n   Summary:\n
    \      Sudo \"secure path\" feature works by replacing the PATH environment\n
    \      variable with a value specified in the sudoers file, or at\n       compile
    time if the --with-secure-path configure option is used.\n       The flaw is that
    sudo only replaces the first instance of PATH\n       in the environment.  If
    the program being run through sudo uses\n       the last instance of PATH in the
    environment, an attacker may\n       be able to avoid the \"secure path\" restrictions.\n\n
    \  Sudo versions affected:\n       Sudo 1.3.1 through 1.6.9p22 and Sudo 1.7.0
    through 1.7.2p6.\n\n   To generate a diff of this commit:\n   cvs rdiff -u -r1.120
    -r1.121 pkgsrc/security/sudo/Makefile\n   cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/sudo/distinfo\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2010Q1] pkgsrc/security/sudo'
  unixtime: '1275718603'
  user: spz