Bug#658041: marked as done (Format string vulnerability in sudo [CVE 2012-0809])

Mon, 30 Jan 2012 15:36:28 -0800 

Your message dated Mon, 30 Jan 2012 23:33:22 +0000
with message-id <e1rs0iw-0005j2...@franck.debian.org>
and subject line Bug#657985: fixed in sudo 1.8.3p2-1
has caused the Debian Bug report #657985,
regarding Format string vulnerability in sudo [CVE 2012-0809]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
657985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: sudo
Version: 1.8.3p1-2
Severity: serious
Tags: security

This is CVE 2012-0809

See http://www.sudo.ws/sudo/alerts/sudo_debug.html for details.

% ln /usr/bin/sudo ./%s -s
% ./%s -D9
debug_level: settings: [...]
progname: settings: %s=
implied_shell: settings: [...]
network_addrs: settings: [...]
[1]    28592 segmentation fault  ./%s -D9



Don Armstrong

-- 
Miracles had become relative common-places since the advent of
entheogens; it now took very unusual circumstances to attract public
attention to sightings of supernatural entities. The latest miracle
had raised the ante on the supernatural: the Virgin Mary had
manifested herself to two children, a dog, and a Public Telepresence
Point.
 -- Bruce Sterling, _Holy Fire_ p228

http://www.donarmstrong.com              http://rzlab.ucr.edu

--- End Message ---
--- Begin Message --- 
Source: sudo
Source-Version: 1.8.3p2-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.8.3p2-1_i386.deb
  to main/s/sudo/sudo-ldap_1.8.3p2-1_i386.deb
sudo_1.8.3p2-1.debian.tar.gz
  to main/s/sudo/sudo_1.8.3p2-1.debian.tar.gz
sudo_1.8.3p2-1.dsc
  to main/s/sudo/sudo_1.8.3p2-1.dsc
sudo_1.8.3p2-1_i386.deb
  to main/s/sudo/sudo_1.8.3p2-1_i386.deb
sudo_1.8.3p2.orig.tar.gz
  to main/s/sudo/sudo_1.8.3p2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 657...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bd...@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jan 2012 16:11:54 -0700
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.8.3p2-1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Bdale Garbee <bd...@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 655894 657985
Changes: 
 sudo (1.8.3p2-1) unstable; urgency=high
 .
   * new upstream version, closes: #657985 (CVE-2012-0809)
   * patch from Pino Toscano to only use selinux on Linux, closes: #655894
Checksums-Sha1: 
 9ac9c1255340b73cc44a986e2b215f315df94aab 1857 sudo_1.8.3p2-1.dsc
 37d70b133f809116ce631229fa0e727d9f5125ad 1536943 sudo_1.8.3p2.orig.tar.gz
 2940af3d52feee1ce1721bb1b2d1b1734143e3d9 22814 sudo_1.8.3p2-1.debian.tar.gz
 d6d01340ddb851b6d08406c65615576777a5db94 674528 sudo_1.8.3p2-1_i386.deb
 a8629898088cb0a541a1ca774effa9d6c02c0943 699806 sudo-ldap_1.8.3p2-1_i386.deb
Checksums-Sha256: 
 c4cf35e8363e9b57009be9e43a8c9f4b92d8e6b29de32cafb74eda32c8111188 1857 
sudo_1.8.3p2-1.dsc
 7edcf02ef4dc4f26f524726e8faaa90d7939772c186409ab150d2934e3a9ba31 1536943 
sudo_1.8.3p2.orig.tar.gz
 6c22274246ac458fe1f7ff3c567fe89ba2137ef0b4a36bf1df445686976f4cd2 22814 
sudo_1.8.3p2-1.debian.tar.gz
 131e2d4dcb90e112eb4612f479dfc86d423cbafd40af17d108cbecbc670555ed 674528 
sudo_1.8.3p2-1_i386.deb
 294bfaef06666cc6f9928df829fab40b0050a16695e7d4cd91b03024961f883a 699806 
sudo-ldap_1.8.3p2-1_i386.deb
Files: 
 1b116db41cd1a25c5bd09107eb490d99 1857 admin optional sudo_1.8.3p2-1.dsc
 6d4282a1530c541f7900fa8dfcf2a882 1536943 admin optional 
sudo_1.8.3p2.orig.tar.gz
 ce7e9a896f1fabb7481900a34e46c7f2 22814 admin optional 
sudo_1.8.3p2-1.debian.tar.gz
 b828c290ffe87c97ba46fd0fc3c4b05f 674528 admin optional sudo_1.8.3p2-1_i386.deb
 6a86c012d05148ca9dc87c0c1d1ac442 699806 admin optional 
sudo-ldap_1.8.3p2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTycm/jqTYZbAldlBAQqpmA//a8wKUIlttEKwFXprHtcBczq+d8w9pA7c
UqbpbVg/3kahLGQOJAnbk3yP+RTaRma0L3z3E3Yo1LmWBnqaMQfzDoLHfwn6Mi0i
o7cch8Aa0CwX7LEkWDImFZBG861feZ/w+8ttBMbQO5FQ8Nm1Zw6Nq0yqGUdf/X/L
xARkVNq186Ad+sJ/ykzTAcqmDiE2rLRqNoaysIGZz15sGmmJvoSqY7VFtIziWoKT
c4SfaW1PF+qRmwrRJIUX9greAobljZUB7Ac49oRN5qb5rDQUekYV5RfwQ3C60AFD
vTb/1TrqHKY05OLsx5pb5l67Aa5rv3dIG60UVLABx6MnkHo/Zo7a14tIpF48X37I
94CzGJAZaWjSHt9waU2ZBTM6tO/cBXFt+MRKxA45+2xUuZCP0frW9RpMrZzA5vGl
LGwMU6IcFI4PixOOpQDpNpp7g9eIpZ9UEf9/izE8kinnaGKNYYgsH0x6sReGMByH
W60y1HZgCUSAaEuIJwsGc6V0rocek1D4dRLgswasiGeSW+yAp3aUseIsppOG3bFY
8growS4AVMEU2kdzPEHE+FbzS/s0QQ8OR/9GQ3tOnrEveTQFigRhpqidy1ZN8YFG
lSfalplasixJGkGGmu16dITLA89pbdcbBVPbbbPEMZjwvL6AlpMbMF4hTZODV5vK
344oePQ+dkU=
=d694
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to