Debian Package Tracker

From: Ben Hutchings <ben@decadent.org.uk>
To: <debian-lts-changes@lists.debian.org>
Subject: Accepted sudo 1.7.4p4-2.squeeze.6 (source) into squeeze-lts
Date: Tue, 05 Jan 2016 19:06:00 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jan 2016 18:45:35 +0000
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.7.4p4-2.squeeze.6
Distribution: squeeze-lts
Urgency: medium
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description:
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 804149
Changes:
 sudo (1.7.4p4-2.squeeze.6) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team
   * Disable editing of files via user-controllable symlinks
     (Closes: #804149) (CVE-2015-5602)
     - sudoedit path restriction bypass using symlinks
     - Change warning when user tries to sudoedit a symbolic link
     - Open sudoedit files with O_NONBLOCK and fail if they are not regular files
     - Remove S_ISREG check from sudo_edit_open(), it is already done in the
       caller
     - Add directory writability checks for sudoedit
     - Fix directory writability checks for sudoedit
     - Enable sudoedit directory writability checks by default
Checksums-Sha1:
 0b6546bec910002b7a493429f0f9a3b3b85a10e6 1779 sudo_1.7.4p4-2.squeeze.6.dsc
 09ba4b9d788cd28d569fb07d3623a5a0fcc40142 101408 sudo_1.7.4p4-2.squeeze.6.debian.tar.xz
Checksums-Sha256:
 3aa35f05b2b64aa9a33942f6f1b0363e55a30cb1df0e3a74f0766696979eddd5 1779 sudo_1.7.4p4-2.squeeze.6.dsc
 4c8c43f2d90bd8474ddbc110a5c4df10f76a5b047382f970684e76c99b37fd57 101408 sudo_1.7.4p4-2.squeeze.6.debian.tar.xz
Files:
 0c4b01e91a293233c607012ac50ff93f 1779 admin optional sudo_1.7.4p4-2.squeeze.6.dsc
 a02eb94481caea038b6ed0a97ed1aee4 101408 admin optional sudo_1.7.4p4-2.squeeze.6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVowPwee/yOyVhhEJAQqQxw/+OktRIYg84bOhlYuQTpbdqH9GN2WBlJFV
OwQTFf7JlZla8COfzUT5x/oC44liJ8PozLz1kMReYzdRCJqG76qbLhO49pbsi3o7
Gi3o/zkc6kmWW1SwoArvC8/du27yFRj1UE68kcVjlI883wxuEwxjpHB473i/nCKB
IPU5KIRmhBAdJ9GrG/kMEG9Wwur/V9H//9Z9VCAKzqwZGvd/xftt5UO0aiFnDOiU
aQ+F9ovhcf+1P7uVRkGTi/012yb20WTzShk0wOA8jCswOKtVoPkedFM/IeVmuXW5
38ufU7DdvYMhq8UlRDKlaVWaKcXYFBKrsc7XJS00Ju7cMeefUnBzdH4JKeX2LiC2
+nT/Nz7FsQWDSdky75YZ4Vy2X0bGGZTR4wcuVzOfgpRqVQIbuFfQ8ONtnULVu8ga
sXOF7Mcr+jHnxEHRTcc74ZNW97ErG+HSiK/r6MyAaAkMt6l9vUDxAIA0yZreGY6L
2b6X5EmTRJNU99lDPuAs3An8UBJGxl9v02qQpgE98LaP40upKg6G0CzAujxFORys
tTiAcCN2cPTunbnUOm8YWWFGQqnsMhWLwPGTFxW/BlcjzizTi2RNaFqtL2toPZ7d
g4XiTjeN69hR2lZ+V+K6GnstsgAlwkr91pzUD8UjFTQdVYhSkgUeFNOwSocnvbyC
dopIaJqjb1U=
=S2BM
-----END PGP SIGNATURE-----
News for package sudo
