Date: Wed, 18 Jan 2023 17:09:46 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809) Message-ID: <bug-269030-7788-ibVfvrh4Fw@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-269030-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-269030-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D269030 --- Comment #4 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3D8f8bd813f3139d6f6ff35704808111c= 4ad1f053a commit 8f8bd813f3139d6f6ff35704808111c4ad1f053a Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2023-01-18 16:20:58 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2023-01-18 17:08:35 +0000 security/sudo: Update to 1.9.12p2 Major changes between sudo 1.9.12p2 and 1.9.12p1: * Fixed a compilation error on Linux/aarch64. GitHub issue #197. * Fixed a potential crash introduced in the fix for GitHub issue #134. If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit) that coud allow a malicious user with sudoedit privileges to edit arbitrary files. PR: 269030 Submitted by: cy Reported by: cy Approved by: garga MFH: 2023Q1 Security: CVE-2023-22809 security/sudo/Makefile | 2 +- security/sudo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-269030-7788-ibVfvrh4Fw>