Package: sudo / 1.7.4p4-2.squeeze.6
Metadata
Package | Version | Patches format |
---|---|---|
sudo | 1.7.4p4-2.squeeze.6 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
typo in classic insults.diff | ins_classic.h: 2 (1 +, 1 -, 0 !) | --- |
env.c safety.diff | env.c: 13 (13 +, 0 -, 0 !) | --- |
paths in samples.diff | sample.sudoers: 10 (5 +, 5 -, 0 !) | --- |
debian changes 1.7.4p4 2.squeeze.2 | check.c: 8 (7 +, 1 -, 0 !) | Upstream changes introduced in version 1.7.4p4-2.squeeze.2. This patch has been created by dpkg-source during the package build. Here's the last changelog entry, hopefully it gives details on why those changes were made: `sudo (1.7.4p4-2.squeeze.2) stable; urgency=low` * patch from upstream to resolve interoperability problem between HOME in env_keep and the -H flag, originally closed #596493, applying this to squeeze also closes: #614232. The person named in the Author field signed this changelog entry. |
CVE 2012 2337.diff | match.c: 5 (4 +, 1 -, 0 !) | Prevent IPv6 netmask-based address matching logic from incorrectly being applied to IPv4 addresses. |
debian changes 1.7.4p4 2.squeeze.3 | match.c: 2 (1 +, 1 -, 0 !) | Upstream changes introduced in version 1.7.4p4-2.squeeze.3. This patch has been created by dpkg-source during the package build. Here's the last changelog entry, hopefully it gives details on why those changes were made: `sudo (1.7.4p4-2.squeeze.3) stable-security; urgency=high` * CVE-2012-2337. The person named in the Author field signed this changelog entry. |
cve 2013 1775.patch | check.c: 53 (28 +, 25 -, 0 !) | --- |
cve 2013 1776.patch | check.c: 4 (3 +, 1 -, 0 !) | --- |
CVE 2014 9680 1.patch | aclocal.m4: 20 (20 +, 0 -, 0 !) | CVE-2014-9680: unsafe handling of TZ environment variable. The TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block. |
CVE 2014 9680 2.patch | sudoers.man.in: 5 (3 +, 2 -, 0 !) | Document handling of leading ':' when checking TZ variable. Document that a leading ':' is skipped when checking TZ for a fully-qualified path name. |
CVE 2014 0106.patch | env.c: 2 (1 +, 1 -, 0 !) | CVE-2014-0106: security policy bypass when env_reset is disabled. Fix logic inversion when checking environment variables on the command line against the blacklist. This is only a problem when env_reset is disabled. |
CVE 2015 5602 1.patch | compat.h: 3 (3 +, 0 -, 0 !) | CVE-2015-5602: sudoedit path restriction bypass using symlinks. Do not follow symbolic links in sudoedit by default. This behavior can be controlled by the sudoedit_follow Defaults flag as well as the FOLLOW/NOFOLLOW tags. |
CVE 2015 5602 1 generated.patch | def_data.c: 4 (4 +, 0 -, 0 !) | CVE-2015-5602: sudoedit path restriction bypass using symlinks. Files regenerated for changes in CVE-2015-5602-1.patch. Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707 Bug-Debian: https://bugs.debian.org/804149 |
CVE 2015 5602 2.patch | sudo_edit.c: 8 (5 +, 3 -, 0 !) | Change warning when user tries to sudoedit a symbolic link. |
CVE 2015 5602 3.patch | sudo_edit.c: 43 (34 +, 9 -, 0 !) | Open sudoedit files with O_NONBLOCK and fail if they are not regular files. |
CVE 2015 5602 4.patch | sudo_edit.c: 21 (2 +, 19 -, 0 !) | Remove S_ISREG check from sudo_edit_open(), it is already done in the caller. |
CVE 2015 5602 5.patch | configure.in: 2 (1 +, 1 -, 0 !) | CVE-2015-5602: add directory writability checks for sudoedit. |
CVE 2015 5602 5 generated.patch | config.h.in: 3 (3 +, 0 -, 0 !) | CVE-2015-5602: sudoedit path restriction bypass using symlinks. Files regenerated for changes in CVE-2015-5602-5.patch. Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707 Bug-Debian: https://bugs.debian.org/804149 |
CVE 2015 5602 6.patch | sudo_edit.c: 66 (37 +, 29 -, 0 !) | CVE-2015-5602: fix directory writability checks for sudoedit. Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707 Bug-Debian: https://bugs.debian.org/804149 |
CVE 2015 5602 7.patch | defaults.c: 1 (1 +, 0 -, 0 !) | CVE-2015-5602: enable sudoedit directory writability checks by default. Bug: https://bugzilla.sudo.ws/show_bug.cgi?id=707 Bug-Debian: https://bugs.debian.org/804149 |