-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Jan 2021 13:26:17 +0100
Source: sudo
Architecture: source
Version: 1.8.27-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 sudo (1.8.27-1+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Sanity check size when converting the first record to TS_LOCKEXCL
   * Heap-based buffer overflow (CVE-2021-3156)
     - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
     - Add sudoedit flag checks in plugin that are consistent with front-end
     - Fix potential buffer overflow when unescaping backslashes in user_args
     - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
     - Don't assume that argv is allocated as a single flat buffer
Checksums-Sha1:
 6e3e811db18c4557420d28ee002748cd4734d9e7 2130 sudo_1.8.27-1+deb10u3.dsc
 76022913b4380dba21b55ebe9193042c91206db4 30836 sudo_1.8.27-1+deb10u3.debian.tar.xz
 1bbdcb25ea6cceacb3e492cf10cf014c966cd794 5612 sudo_1.8.27-1+deb10u3_source.buildinfo
Checksums-Sha256:
 fa25a83685cb69b0313e3f6c775c0f2a2878d77ab901d3c0778f17ce9d530cc1 2130 sudo_1.8.27-1+deb10u3.dsc
 9ed1562303725a5d307c637cca3dbb65020b308b082f714b2d86cb2848c26d14 30836 sudo_1.8.27-1+deb10u3.debian.tar.xz
 5916b3f27ef3176dfa963515bf53dc1c915339726dd043c67370c2025c99f45a 5612 sudo_1.8.27-1+deb10u3_source.buildinfo
Files:
 f7681c957c5556be9fb0d0bae37a6435 2130 admin optional sudo_1.8.27-1+deb10u3.dsc
 d42c69b1133331a3953be0682c0c422f 30836 admin optional sudo_1.8.27-1+deb10u3.debian.tar.xz
 15b68d3e6a8ffed711e04b00cfd4242a 5612 admin optional sudo_1.8.27-1+deb10u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----