Package: sudo / 1.8.27-1+deb10u2

Metadata

Package: sudo
Version: 1.8.27-1+deb10u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
typo in classic insults.diff

plugins/sudoers/ins_classic.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
paths in samples.diff

examples/sudoers | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

---
Whitelist DPKG_COLORS environment variable.diff

plugins/sudoers/env.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] whitelist dpkg_colors environment variable


---
sudo_minus_1_uid.diff

lib/util/strtoid.c | 100 53 + 47 - 0 !
1 file changed, 53 insertions(+), 47 deletions(-)

 treat an id of -1 as invalid since that means "no change".
 Fixes CVE-2019-14287.
 Found by Joe Vennix from Apple Information Security.

---
strtoid_minus_1_test_fix.diff

lib/util/regress/atofoo/atofoo_test.c | 38 28 + 10 - 0 !
plugins/sudoers/regress/testsudoers/test5.out.ok | 2 1 + 1 - 0 !
plugins/sudoers/regress/testsudoers/test5.sh | 2 1 + 1 - 0 !
3 files changed, 30 insertions(+), 12 deletions(-)

 fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
 Fix test failure after fix for CVE-2019-14287.

---
Fix a buffer overflow when pwfeedback is enabled and.patch

src/tgetpass.c | 20 12 + 8 - 0 !
1 file changed, 12 insertions(+), 8 deletions(-)

 fix a buffer overflow when pwfeedback is enabled and input is not a
 tty. In getln() if the user enters ^U (erase line) and the write(2) fails,
 the remaining buffer size is reset but the current pointer is not. While
 here, fix an incorrect break for erase when write(2) fails. Also disable
 pwfeedback when input is not a tty as it cannot work. CVE-2019-18634 Credit:
 Joe Vennix from Apple Information Security.