* [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28
@ 2019-10-15 6:59 Baruch Siach
2019-10-15 7:21 ` Thomas Petazzoni
2019-10-29 10:51 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2019-10-15 6:59 UTC (permalink / raw)
To: buildroot
Fixes CVE-2019-14287: a sudo user may be able to run a command as root
when the Runas specification explicitly disallows root access as long as
the ALL keyword is listed first.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/sudo/sudo.hash | 2 +-
package/sudo/sudo.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/sudo/sudo.hash b/package/sudo/sudo.hash
index 8a3511df8210..179595298851 100644
--- a/package/sudo/sudo.hash
+++ b/package/sudo/sudo.hash
@@ -1,4 +1,4 @@
# From: http://www.sudo.ws/download.html
-sha256 7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0 sudo-1.8.27.tar.gz
+sha256 9129fa745a08caff0ce2042d2162b38eb9bf73bf43fcb248ac8b3a750c1f13a1 sudo-1.8.28.tar.gz
# Locally calculated
sha256 e0e7990185834e9f08f3e922905d7bfaf998d13be668c6026d2586b1718210ba doc/LICENSE
diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index 48c89210434e..cf8b63b1db9a 100644
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SUDO_VERSION = 1.8.27
+SUDO_VERSION = 1.8.28
SUDO_SITE = https://www.sudo.ws/sudo/dist
SUDO_LICENSE = ISC, BSD-3-Clause
SUDO_LICENSE_FILES = doc/LICENSE
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28
2019-10-15 6:59 [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28 Baruch Siach
@ 2019-10-15 7:21 ` Thomas Petazzoni
2019-10-29 10:51 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2019-10-15 7:21 UTC (permalink / raw)
To: buildroot
On Tue, 15 Oct 2019 09:59:07 +0300
Baruch Siach <baruch@tkos.co.il> wrote:
> Fixes CVE-2019-14287: a sudo user may be able to run a command as root
> when the Runas specification explicitly disallows root access as long as
> the ALL keyword is listed first.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> package/sudo/sudo.hash | 2 +-
> package/sudo/sudo.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28
2019-10-15 6:59 [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28 Baruch Siach
2019-10-15 7:21 ` Thomas Petazzoni
@ 2019-10-29 10:51 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-10-29 10:51 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Fixes CVE-2019-14287: a sudo user may be able to run a command as root
> when the Runas specification explicitly disallows root access as long as
> the ALL keyword is listed first.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2019.02.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-29 10:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-15 6:59 [Buildroot] [PATCH] package/sudo: security bump to version 1.8.28 Baruch Siach
2019-10-15 7:21 ` Thomas Petazzoni
2019-10-29 10:51 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.