[ubuntu/hirsute-proposed] sudo 1.9.5p2-2ubuntu1 (Accepted)

William 'jawn-smith' Wilson william.wilson at canonical.com
Mon Feb 15 18:30:13 UTC 2021


sudo (1.9.5p2-2ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable. (LP: #1915307)
    * Remaining changes:
      - debian/rules:
        + use dh-autoreconf
      - debian/rules: stop shipping init scripts, as they are no longer
        necessary.
      - debian/rules:
        + compile with --without-lecture --with-tty-tickets --enable-admin-flag
        + install man/man8/sudo_root.8 in both flavours
        + install apport hooks
      - debian/sudo-ldap.dirs, debian/sudo.dirs:
        + add usr/share/apport/package-hooks
      - debian/sudo.pam:
        + Use pam_env to read /etc/environment and /etc/default/locale
          environment files. Reading ~/.pam_environment is not permitted due
          to security reasons.
      - debian/sudoers:
        + also grant admin group sudo access
        + include /snap/bin in the secure_path
    * Dropped patches, no longer needed because they are integrated in Debian:
      - CVE-2021-23239.patch
      - CVE-2021-3156-1.patch
      - CVE-2021-3156-2.patch
      - CVE-2021-3156-3.patch
      - CVE-2021-3156-4.patch
      - CVE-2021-3156-5.patch

sudo (1.9.5p2-2) unstable; urgency=medium

  * patch from upstream repo to fix NO_ROOT_MAILER

sudo (1.9.5p2-1) unstable; urgency=high

  * new upstream version, addresses CVE-2021-3156

sudo (1.9.5p1-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Heap-based buffer overflow (CVE-2021-3156)
    - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
    - Add sudoedit flag checks in plugin that are consistent with front-end
    - Fix potential buffer overflow when unescaping backslashes in user_args
    - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
    - Don't assume that argv is allocated as a single flat buffer

sudo (1.9.5p1-1) unstable; urgency=medium

  * new upstream version, closes: #980028

sudo (1.9.5-1) unstable; urgency=medium

  * new upstream version

Date: Wed, 10 Feb 2021 05:42:42 -0600
Changed-By: William 'jawn-smith' Wilson <william.wilson at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/sudo/1.9.5p2-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 10 Feb 2021 05:42:42 -0600
Source: sudo
Architecture: source
Version: 1.9.5p2-2ubuntu1
Distribution: hirsute
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: William 'jawn-smith' Wilson <william.wilson at canonical.com>
Closes: 980028
Launchpad-Bugs-Fixed: 1915307
Original-Maintainer: Bdale Garbee <bdale at gag.com>

