Date: Thu, 22 Feb 2001 14:14:59 -0500 From: Chris Faulhaber <jedgar@fxp.org> To: "Bruce A. Mah" <bmah@FreeBSD.ORG> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG Subject: Re: Sudo version 1.6.3p6 now available (fwd) Message-ID: <20010222141459.A70502@peitho.fxp.org> In-Reply-To: <200102221908.f1MJ8NY42653@bmah-freebsd-0.cisco.com>; from bmah@FreeBSD.ORG on Thu, Feb 22, 2001 at 11:08:23AM -0800 References: <200102221627.f1MGRk149151@cwsys.cwsent.com> <200102221908.f1MJ8NY42653@bmah-freebsd-0.cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Feb 22, 2001 at 11:08:23AM -0800, Bruce A. Mah wrote: > If memory serves me right, Cy Schubert - ITSD Open Systems Group wrote: > > As I don't have time to submit a PR for the sudo port morning, I'm > > sending this to -security. > > [snip] > > > Sudo version 1.6.3p6 is now available (ftp sites listed at the end). > > This fixes a *buffer overflow* in sudo which is a potential security > > problem. I don't know of any exploits that currently exist but I > > suggest that you upgrade none the less. > > Someone already updated the version in the ports tree: > > bmah-freebsd-0:bmah% pkg_version -v | grep sudo > sudo-1.6.3.6 = up-to-date with port > Though the commit message is confusing: Update to 1.6.3p5 -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjqVZTMACgkQObaG4P6BelDIJACfeYh5c6Pw+isR7vfA7nZGv2Sd AnQAnA5rqU3X0K2cEStYa2Rv76/lhOys =dHsR -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010222141459.A70502>