Back to sudo PTS page

Accepted sudo 1.9.5p1-1.1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted sudo 1.9.5p1-1.1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 26 Jan 2021 18:20:20 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1l4Swu-0002uP-OF@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Jan 2021 10:11:47 +0100
Source: sudo
Architecture: source
Version: 1.9.5p1-1.1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 sudo (1.9.5p1-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Heap-based buffer overflow (CVE-2021-3156)
     - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
     - Add sudoedit flag checks in plugin that are consistent with front-end
     - Fix potential buffer overflow when unescaping backslashes in user_args
     - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
     - Don't assume that argv is allocated as a single flat buffer
Checksums-Sha1:
 0a7bd92942bcd9b88c9852504590ddf8bf3e8a1d 2125 sudo_1.9.5p1-1.1.dsc
 bf81f0a85553ba67168af199db44ee1eb05cc983 27444 sudo_1.9.5p1-1.1.debian.tar.xz
 6d9abe665c898a33139685d6f2a90cf09902ab24 5625 sudo_1.9.5p1-1.1_source.buildinfo
Checksums-Sha256:
 81e662b60e388bf55bc0fbda7cee4284a0703e9f409efa9f03fb2797e3452506 2125 sudo_1.9.5p1-1.1.dsc
 5f436ead33f1e890417b0378404dd9b8289ae9a659b3525e94e8ecbe97d7736d 27444 sudo_1.9.5p1-1.1.debian.tar.xz
 259eee28c5e2981ba697da357d5989317771c8d30a6b1c8b8fa3f4bbc96396ff 5625 sudo_1.9.5p1-1.1_source.buildinfo
Files:
 5c52bc8d46da83a7b31e4e750c133d65 2125 admin optional sudo_1.9.5p1-1.1.dsc
 82c2e3948c644b39cdacb3df874f555e 27444 admin optional sudo_1.9.5p1-1.1.debian.tar.xz
 c7f2948e4b98a641542f96cedc306887 5625 admin optional sudo_1.9.5p1-1.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQSflfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EsqYP/0cQUTgM1B/THapyKRhFfUIuIq9Cl2Fu
VNtctk7m5I9Siv989EgEJ+W/444g3w6vKvDBEaXdBrrBI51f5xXQficJEYVTgiN1
obkMWV2I55wsLcVy9+RsWpwIIek1lq22XXXqgMHf0A/TqzqJhpoMf5noD7AMvvYH
DWEAobzEHJw3MBY8tcOrAFpaGW1LSuw3n2mVFn7yyu4Tg9U0Uv2TAe4/3KXbDOfc
ovRyzILgvEQVbvfOShE9zvf3EpEqM0n1dEyYf8bSqSJOWfzMYogqSeyg/+QR0vj+
wT8a69OggFkvYNkc7/VTYJUWB2AGOxp+OJ8vaFMLF2drj1VslRwoZ08jhseTvTmK
GeVlzUYpCvs+KzhH60mAmB+DxYXYkQIv5VDR583cJaDqCo2iNJyBaAYB45XGxcKE
qbVdIlrtLzJ55IJ0cbsHxprgIo3PQvN66JI58zRKbKS9alOxrRCWL8q0HOvzF2dv
nCWSbRGkgkQF4+kisd1OBjqFhTmlyN8Hr9UGbpBEjhA09mGDppW+C11rerAb6yzu
dUVSYLpVKeLfMC6mgU/4QxyPVYMj8babaTr+Vd/fbHKL1m6UGrn0H5+r/wJYQHKj
XdkP4HqXo9+YM5dHj8jWWNIOs2D5ZpE78XTQ36A38VXdbBePL9VlVjJUH6Ifl2tJ
LsAVVrXA2yqM
=/2T1
-----END PGP SIGNATURE-----