From owner-freebsd-security  Thu Feb 22 11: 8:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.43.88])
	by hub.freebsd.org (Postfix) with ESMTP id E24AA37B401
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Feb 2001 11:08:24 -0800 (PST)
	(envelope-from bmah@cisco.com)
Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42])
	by sj-msg-core-2.cisco.com (8.9.3/8.9.1) with ESMTP id LAA06794;
	Thu, 22 Feb 2001 11:08:40 -0800 (PST)
Received: (from bmah@localhost)
	by bmah-freebsd-0.cisco.com (8.11.2/8.11.1) id f1MJ8NY42653;
	Thu, 22 Feb 2001 11:08:23 -0800 (PST)
	(envelope-from bmah)
Message-Id: <200102221908.f1MJ8NY42653@bmah-freebsd-0.cisco.com>
X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Sudo version 1.6.3p6 now available (fwd) 
In-Reply-To: <200102221627.f1MGRk149151@cwsys.cwsent.com> 
References: <200102221627.f1MGRk149151@cwsys.cwsent.com>
Comments: In-reply-to Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
   message dated "Thu, 22 Feb 2001 08:27:23 -0800."
From: "Bruce A. Mah" <bmah@FreeBSD.ORG>
Reply-To: bmah@FreeBSD.ORG
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif
X-Url: http://www.employees.org/~bmah/
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1277318321P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 22 Feb 2001 11:08:23 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--==_Exmh_1277318321P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Cy Schubert - ITSD Open Systems Group wrote:
> As I don't have time to submit a PR for the sudo port morning, I'm 
> sending this to -security.

[snip]

> Sudo version 1.6.3p6 is now available (ftp sites listed at the end).
> This fixes a *buffer overflow* in sudo which is a potential security
> problem.  I don't know of any exploits that currently exist but I
> suggest that you upgrade none the less.

Someone already updated the version in the ports tree:

bmah-freebsd-0:bmah% pkg_version -v | grep sudo
sudo-1.6.3.6                =   up-to-date with port

Cheers,

Bruce.




--==_Exmh_1277318321P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: Exmh version 2.2 06/23/2000

iD8DBQE6lWOn2MoxcVugUsMRAk0GAJ99ljDGM26OATNGZXKUxC/PsZzCxgCg1uxW
qsBsWilCwQMAFE75AxCJ0CU=
=Shis
-----END PGP SIGNATURE-----

--==_Exmh_1277318321P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message