Date: Tue, 21 Jun 2005 13:05:24 +0000 From: "Sergey A. Osokin" <osa@FreeBSD.org> To: Renato Botelho <freebsd@galle.com.br> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/security/sudo Makefile distinfo Message-ID: <20050621130524.GD38953@FreeBSD.org> In-Reply-To: <20050621130046.GC4151@galle.com.br> References: <200506211252.j5LCq1VB040407@repoman.freebsd.org> <20050621130046.GC4151@galle.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 21, 2005 at 10:00:46AM -0300, Renato Botelho wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, Jun 21, 2005 at 12:52:01PM +0000, Sergey A. Osokin wrote: > > osa 2005-06-21 12:52:01 UTC > > > > FreeBSD ports repository > > > > Modified files: > > security/sudo Makefile distinfo > > Log: > > Security update to latest release: 1.6.8p9. > > > > <Security Alert> > > Summary: > > A race condition in Sudo's command pathname handling prior > > to Sudo version 1.6.8p9 that could allow a user with Sudo > > privileges to run arbitrary commands. > > Sudo versions affected: > > Sudo versions 1.3.1 up to and including 1.6.8p8. > > </Security Alert> > > > > More information about this incident available at: > > http://www.sudo.ws/sudo/alerts/path_race.html > > > > Revision Changes Path > > 1.74 +2 -2 ports/security/sudo/Makefile > > 1.47 +2 -2 ports/security/sudo/distinfo > > _______________________________________________ > > cvs-ports@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/cvs-ports > > To unsubscribe, send any mail to "cvs-ports-unsubscribe@freebsd.org" > > Please, close the PR 82479 that I sent this morning to do this. Oops, PR closed. Thanks a lot for report! -- Sergey A. Osokin, osa@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050621130524.GD38953>