From owner-cvs-all@FreeBSD.ORG Tue Jun 21 13:00:56 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B00116A41C; Tue, 21 Jun 2005 13:00:56 +0000 (GMT) (envelope-from freebsd@galle.com.br) Received: from data.galle.com.br (data.galle.com.br [200.246.25.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 57B3B43D49; Tue, 21 Jun 2005 13:00:55 +0000 (GMT) (envelope-from freebsd@galle.com.br) Received: from data.galle.com.br (data.galle.com.br [200.246.25.10]) by data.galle.com.br (8.13.3/8.13.1) with ESMTP id j5LD0qjF013660; Tue, 21 Jun 2005 10:00:52 -0300 (BRST) (envelope-from freebsd@galle.com.br) Received: (from renato@localhost) by data.galle.com.br (8.13.3/8.13.1/Submit) id j5LD0kxY013657; Tue, 21 Jun 2005 10:00:46 -0300 (BRST) (envelope-from freebsd@galle.com.br) X-Authentication-Warning: data.galle.com.br: renato set sender to freebsd@galle.com.br using -f Date: Tue, 21 Jun 2005 10:00:46 -0300 From: Renato Botelho To: "Sergey A. Osokin" Message-ID: <20050621130046.GC4151@galle.com.br> References: <200506211252.j5LCq1VB040407@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <200506211252.j5LCq1VB040407@repoman.freebsd.org> User-Agent: mutt-ng devel (FreeBSD) Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/security/sudo Makefile distinfo X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jun 2005 13:00:56 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jun 21, 2005 at 12:52:01PM +0000, Sergey A. Osokin wrote: > osa 2005-06-21 12:52:01 UTC > > FreeBSD ports repository > > Modified files: > security/sudo Makefile distinfo > Log: > Security update to latest release: 1.6.8p9. > > > Summary: > A race condition in Sudo's command pathname handling prior > to Sudo version 1.6.8p9 that could allow a user with Sudo > privileges to run arbitrary commands. > Sudo versions affected: > Sudo versions 1.3.1 up to and including 1.6.8p8. > > > More information about this incident available at: > http://www.sudo.ws/sudo/alerts/path_race.html > > Revision Changes Path > 1.74 +2 -2 ports/security/sudo/Makefile > 1.47 +2 -2 ports/security/sudo/distinfo > _______________________________________________ > cvs-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/cvs-ports > To unsubscribe, send any mail to "cvs-ports-unsubscribe@freebsd.org" Please, close the PR 82479 that I sent this morning to do this. Thanks - -- Renato Botelho AIM: RBGargaBR | ICQ: 54596223 GnuPG Key: http://www.galle.com.br/~renato/pubkey.asc Best of all is never to have been born. Second best is to die soon. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCuA9+6CRbiSJE7akRAsRuAJsEu8X6W6Vb5mZjv7zPb2VnyGud4QCfVJee etcWkAHHaMApSdpza7pNjW0= =cTl3 -----END PGP SIGNATURE-----