Your message dated Wed, 08 Mar 2023 21:05:48 +0000
with message-id <e1pa0yq-003lkw...@fasolo.debian.org>
and subject line Bug#1032163: fixed in sudo 1.9.13p3-1
has caused the Debian Bug report #1032163,
regarding sudo: CVE-2023-27320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1032163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sudo
Version: 1.9.13p1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sudo, filing as RC
aiming to have it fixed before bookworm release.

CVE-2023-27320[0]:
| Sudo before 1.9.13p2 has a double free in the per-command chroot
| feature.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27320
    https://www.cve.org/CVERecord?id=CVE-2023-27320
[1] https://www.openwall.com/lists/oss-security/2023/02/28/1

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.9.13p3-1
Done: Marc Haber <mh+debian-packa...@zugschlus.de>

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packa...@zugschlus.de> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 08 Mar 2023 21:17:05 +0100
Source: sudo
Architecture: source
Version: 1.9.13p3-1
Distribution: unstable
Urgency: medium
Maintainer: Sudo Maintainers <s...@packages.debian.org>
Changed-By: Marc Haber <mh+debian-packa...@zugschlus.de>
Closes: 1032163
Changes:
 sudo (1.9.13p3-1) unstable; urgency=medium
 .
   * new upstream version:
     * Fix potential double free for CHROOT= rules
       CVE-2023-27320. (Closes: #1032163)
     * Fix --enable-static-sudoers regression
     * check for overflow as result of fuzzing efforts
     * Fix parser regression disallowing rules for user "list"
     * Fix eventloop hang if there is /dev/tty data
     * Fix sudo -l command args regression
     * Fix sudo -l -U someuser regression
     * Fix list privs regression


--- End Message ---
