Package: sudo / 1.8.5p2-1+nmu3+deb7u1

CVE-2014-9680-2.patch

Description: Document handling of leading ':' when checking TZ variable
 Document that a leading ':' is skipped when checking TZ for a
 fully-qualified path name.
Origin: backport, http://www.sudo.ws/repos/sudo/rev/91859f613b88,
 http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0
Forwarded: not-needed
Author: Todd C. Miller <Todd.Miller@courtesan.com>
Author: Salvatore Bonaccorso <carnil@debian.org>
Author: Ben Hutchings <ben@decadent.org.uk>
Last-Update: 2016-01-05
Applied-Upstream: 1.8.12

--- a/doc/sudoers.pod
+++ b/doc/sudoers.pod
@@ -1574,8 +1574,9 @@ is considered unsafe if any of the follo
 
 =item *
 
-It consists of a fully-qualified path name that does not match
-the location of the I<zoneinfo> directory.
+It consists of a fully-qualified path name, optionally prefixed with a
+colon (':'), that does not match the location of the I<zoneinfo>
+directory.
 
 =item *
 
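Review bot: the added wording in this =item ("a fully-qualified path name, optionally prefixed with a colon (':')") describes the colon as part of the value but does not say whether it takes part in the comparison against the I<zoneinfo> directory. The patch description states that the leading ':' is skipped for this check, so the item would be clearer if it said so directly, for example "After an optional leading colon (':') is skipped, it consists of a fully-qualified path name that does not match ...". An administrator reading the current sentence could conclude that a colon-prefixed path is compared with the colon still attached.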
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1319,9 +1319,9 @@ SSUUDDOOEERRSS OOPPTTIIOONN
                        programs.  The TZ variable is considered unsafe if any
                        of the following are true:
 
-                       +o   It consists of a fully-qualified path name that
-                           does not match the location of the _z_o_n_e_i_n_f_o
-                           directory.
+                       +o   It consists of a fully-qualified path name,
+                           optionally prefixed with a colon (':'), that does
+                           not match the location of the _z_o_n_e_i_n_f_o directory.
 
                        +o   It contains a _._. path element.
 
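Review bot: doc/sudoers.cat looks like formatted output rather than a source file (the overstruck SSUUDDOOEERRSS heading and _z_o_n_e_i_n_f_o underlining in this hunk), and the three replacement lines were re-wrapped by hand. Please confirm that the new line breaks and the "+o" bullet indentation match what formatting the updated sudoers.man.in actually produces, or regenerate the file instead of patching it, so the next regeneration does not create an unrelated diff or make this hunk fail to apply.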
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -1613,8 +1613,9 @@ format vulnerabilities in poorly-written
 is considered unsafe if any of the following are true:
 .RS 16
 .IP "\(bu" 4
-It consists of a fully-qualified path name that does not match
-the location of the \fIzoneinfo\fR directory.
+It consists of a fully-qualified path name, optionally prefixed with a
+colon (':'), that does not match the location of the \fIzoneinfo\fR
+directory.
 .IP "\(bu" 4
 It contains a \fI..\fR path element.
 .IP "\(bu" 4
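Review bot: in the added line "colon (':'), that does not match the location of the \fIzoneinfo\fR" the apostrophes around the colon are plain and unescaped. Some roff output devices render ' as a typographic quote, so the quoted character may not come out as ASCII in the formatted manual. Consider \(aq on both sides or dropping the quotes; the same sentence in the .pod and .cat hunks should then be kept in step with whatever form is chosen here.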