Date: Wed, 18 Jan 2023 20:16:15 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809) Message-ID: <bug-269030-7788-1Yayh1rx3t@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-269030-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-269030-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D269030 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3De4b0eefa183226d3d6cb8be568a5a3a= a586c12b9 commit e4b0eefa183226d3d6cb8be568a5a3aa586c12b9 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2023-01-18 16:20:58 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2023-01-18 20:15:38 +0000 security/sudo: Update to 1.9.12p2 Major changes between sudo 1.9.12p2 and 1.9.12p1: * Fixed a compilation error on Linux/aarch64. GitHub issue #197. * Fixed a potential crash introduced in the fix for GitHub issue #134. If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit) that coud allow a malicious user with sudoedit privileges to edit arbitrary files. PR: 269030 Submitted by: cy Reported by: cy Approved by: garga MFH: 2023Q1 Security: CVE-2023-22809 (cherry picked from commit 8f8bd813f3139d6f6ff35704808111c4ad1f053a) security/sudo/Makefile | 2 +- security/sudo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-269030-7788-1Yayh1rx3t>