Your message dated Thu, 24 Dec 2015 05:19:31 +0000
with message-id <e1abyjh-0005cy...@franck.debian.org>
and subject line Bug#804149: fixed in sudo 1.8.15-1
has caused the Debian Bug report #804149,
regarding CVE-2015-5602: Unauthorized privilege escalation in sudoedit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
804149: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sudo
Version: 1.7.4p4-2.squeeze.4
Severity: critical
Tags: upstream security
Justification: root security hole

Hi,

Apparently a security issue has been disclosed (CVE-2015-5602) allowing users
to open files with sudoedit that they are not supposed to, using symlinks;
see: https://www.exploit-db.com/exploits/37710/

Upstream has released a new fixed version that does not follow symlinks
by default.

But according to this comment[0], this is not fixing the issue
completely.

Cheers,

Laurent Bigonville

[0]
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781/comments/1

--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.8.15-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 804...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bd...@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Dec 2015 11:15:22 -0700
Source: sudo
Binary: sudo sudo-ldap
Architecture: source amd64
Version: 1.8.15-1
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Bdale Garbee <bd...@gag.com>
Description:
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 804149
Changes:
 sudo (1.8.15-1) unstable; urgency=low
 .
   * new upstream version, closes: #804149
   * use --with-exampledir to deliver example files more cleanly


--- End Message ---
