
2017-06-13 18:46:57 UTC pkgsrc-2017Q1

Pullup ticket #5477 - requested by sevan
security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile                                        1.155
- security/sudo/distinfo                                        1.92

---
  Module Name:    pkgsrc
  Committed By:  spz
  Date:          Wed Jun  7 05:41:53 UTC 2017

  Modified Files:
          pkgsrc/security/sudo: Makefile distinfo

  Log Message:
  update to version 1.8.20p2

  upstream changelog:
  2017-05-31  Todd C. Miller  <Todd.Miller%courtesan.com@localhost>

          * NEWS, configure, configure.ac:
          Sudo 1.8.20p2
          [47836f4c9834]

          * src/ttyname.c:
          A command name may also contain newline characters so read
          /proc/self/stat until EOF. It is not legal for /proc/self/stat to
          contain embedded NUL bytes so treat the file as corrupt if we see
          any. With help from Qualys.

          This is not exploitable due to the /dev traversal changes in sudo
          1.8.20p1 (thanks Solar!).
          [15a46f4007dd]

  2017-05-30  Todd C. Miller  <Todd.Miller%courtesan.com@localhost>

          * src/ttyname.c:
          Use /proc/self consistently on Linux. As far as I know, only AIX
          doesn't support /proc/self.
          [6f3d9816541b]

(bsiegert)
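
The parsing concern in the src/ttyname.c changelog entries above, shown as an added example (not sudo's code and not part of this commit): the stat file is read until EOF, rejected if it contains NUL bytes, and the tty_nr field is located from the last ')' so that a command name containing spaces, newlines or ')' cannot shift the fields. The function name parse_tty_nr is hypothetical, and the field positions (comm is field 2, tty_nr is field 7) are assumed from proc(5).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 0 and set *tty_nr (field 7) from the complete contents of a
 * /proc/<pid>/stat file held in buf[0..len), or -1 if the data is corrupt. */
int parse_tty_nr(const char *buf, size_t len, long *tty_nr)
{
    const char *end = buf + len, *p = end, *q;
    char num[32], *ep;
    int field;

    /* Embedded NUL bytes are not legal here: treat the file as corrupt. */
    if (len == 0 || memchr(buf, '\0', len) != NULL)
        return -1;
    /* comm (field 2) may contain spaces, ')' and newlines, so anchor on
     * the LAST ')' instead of splitting on whitespace from the start. */
    while (p > buf && p[-1] != ')')
        p--;
    if (p == buf)
        return -1;
    q = p;
    for (field = 3; field <= 7; field++) {  /* fields 3..6 are skipped */
        while (p < end && *p == ' ') p++;
        q = p;
        while (q < end && *q != ' ' && *q != '\n') q++;
        if (q == p) return -1;              /* ran out of fields */
        if (field == 7) break;
        p = q;
    }
    if ((size_t)(q - p) >= sizeof(num)) return -1;
    memcpy(num, p, (size_t)(q - p));
    num[q - p] = '\0';
    *tty_nr = strtol(num, &ep, 10);
    return *ep == '\0' ? 0 : -1;
}

int main(void)
{
    char buf[4096]; size_t len = 0, n; long tty;
    FILE *fp = fopen("/proc/self/stat", "r");
    if (fp == NULL) return 1;
    /* Read until EOF, not just the first line: comm may contain '\n'. */
    while ((n = fread(buf + len, 1, sizeof(buf) - len, fp)) > 0)
        len += n;
    fclose(fp);
    if (parse_tty_nr(buf, len, &tty) != 0) return 1;
    printf("tty_nr=%ld\n", tty);
    return 0;
}
```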