Date: Fri, 6 Feb 2009 19:35:47 +0000 (UTC) From: Tom McLaughlin <tmclaugh@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/security/sudo Makefile distinfo ports/security/vuxml vuln.xml Message-ID: <200902061935.n16JZlpt011319@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
tmclaugh 2009-02-06 19:35:47 UTC
FreeBSD ports repository
Modified files:
security/sudo Makefile distinfo
security/vuxml vuln.xml
Log:
Security update for sudo to 1.6.9p20 for CVE 2009-0034
Changes:
- Only use the cached supplementory group vector when matching groups
for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
default value set in sudoers so that we never lower the user's umask
when running a command.
- Sudo now operates in the C locale again when doing a match against
sudoers.
PR: 131446
Submitted by: Eygene Ryabinkin
Security: vid:13d6d997-f455-11dd-8516-001b77d09812
Revision Changes Path
1.101 +2 -2 ports/security/sudo/Makefile
1.61 +3 -3 ports/security/sudo/distinfo
1.1846 +33 -1 ports/security/vuxml/vuln.xml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902061935.n16JZlpt011319>