Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted sudo 1.8.27-1+deb10u3 (source) into stable->embargoed, stable
Date: Tue, 26 Jan 2021 18:02:46 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Jan 2021 13:26:17 +0100
Source: sudo
Architecture: source
Version: 1.8.27-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 sudo (1.8.27-1+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Sanity check size when converting the first record to TS_LOCKEXCL
   * Heap-based buffer overflow (CVE-2021-3156)
     - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
     - Add sudoedit flag checks in plugin that are consistent with front-end
     - Fix potential buffer overflow when unescaping backslashes in user_args
     - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
     - Don't assume that argv is allocated as a single flat buffer
Checksums-Sha1:
 6e3e811db18c4557420d28ee002748cd4734d9e7 2130 sudo_1.8.27-1+deb10u3.dsc
 76022913b4380dba21b55ebe9193042c91206db4 30836 sudo_1.8.27-1+deb10u3.debian.tar.xz
 1bbdcb25ea6cceacb3e492cf10cf014c966cd794 5612 sudo_1.8.27-1+deb10u3_source.buildinfo
Checksums-Sha256:
 fa25a83685cb69b0313e3f6c775c0f2a2878d77ab901d3c0778f17ce9d530cc1 2130 sudo_1.8.27-1+deb10u3.dsc
 9ed1562303725a5d307c637cca3dbb65020b308b082f714b2d86cb2848c26d14 30836 sudo_1.8.27-1+deb10u3.debian.tar.xz
 5916b3f27ef3176dfa963515bf53dc1c915339726dd043c67370c2025c99f45a 5612 sudo_1.8.27-1+deb10u3_source.buildinfo
Files:
 f7681c957c5556be9fb0d0bae37a6435 2130 admin optional sudo_1.8.27-1+deb10u3.dsc
 d42c69b1133331a3953be0682c0c422f 30836 admin optional sudo_1.8.27-1+deb10u3.debian.tar.xz
 15b68d3e6a8ffed711e04b00cfd4242a 5612 admin optional sudo_1.8.27-1+deb10u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAPCIBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqdMP/0MNV2TMlEBIM9b4V3pPSryt2B03gc6e
Efd53pDZi7YazZUdqrf44zRimCC4hqVlR9+IFAXfbB4qm+cJRNOn0eNMythWzTht
zbEXoNXMhDa8nMzqvWzKrK8i2EZTZFiz62IpkrBA7sgY3VVwWf4CDrM/uxtFZcEt
38lMlor9RkZVEByaBtPtUn867IGQQGTFsysACiEzPYVjPCosAPyQknnKsQogiJmE
F/+kIymt5ObO/Oas3XB7H1gfq0z/bFIWyz6fBYZg3XpB8CNbgiB/eTZinwc/+137
nac4y60xK/1PH7cKDpu77GT6ORDrLYI7iF3Dlc2gVvUNgF8jp9erC6za+qX8NORu
ReNEL0wyNuI3lbBIQJKKOznwxyWYEY/oy5DYQ/DebTrrc22wmncrTWPMNMZyaqiv
j5LeSSSsNgi6yIFeIi+CBWPM9X++gnjyHhePFc6m7/uXFVMelgCwK44ic3YD10Cd
kjJyLgSjqhC/vai8q/ckYXkJtMQmzyGCjFqyGkpVlGP6TzNwXG993qnADoKUd7pE
r9Wpp0YO2KwIoCDF85otONfBbZ6OftutIVLF5vfGobEiNZy3RG5HeWjmXaEwqB+d
jGipCSRCZ4GQScAsKB+Zr8I+zXatREU1G7hPDsJsIt6Q92t8SKnbdQJjgfbYE1R4
JdwVNeRZKFZD
=NWX8
-----END PGP SIGNATURE-----
News for package sudo
