Re: Ubuntu ESM access

To: debian-lts@lists.debian.org
Subject: Re: Ubuntu ESM access
From: Sylvain Beucler <beuc@beuc.net>
Date: Wed, 16 Oct 2019 09:40:13 +0200
Message-id: <[🔎] ab9940e0-3c3a-76d1-413e-58f483e3ea35@beuc.net>
In-reply-to: <[🔎] 20191015211712.GA14915@eldamar.local>
References: <[🔎] ed38b177-d127-9a3b-9ab5-d02e8f860ab4@beuc.net> <[🔎] 20191015211712.GA14915@eldamar.local>

Hi,

On 15/10/2019 23:17, Salvatore Bonaccorso wrote:
> On Tue, Oct 15, 2019 at 12:24:20AM +0200, Sylvain Beucler wrote:
>> Hi,
>>
>> I would like to study Ubuntu's backports of CVE-2012-2337/sudo (since
>> the stable branch of sudo experienced massive changes since our
>> versions), but sadly those are not available to the public:
>> https://usn.ubuntu.com/4154-1/
> Upstream has provided backports for 1.8.10 in
> https://www.openwall.com/lists/oss-security/2019/10/15/2 .

He had sent them to me yesterday after discussing :)

Upstream mentioned "I've only tested them lightly" so it would still be
interesting to have a look at other fixes.

A cheap work-around is to buy some AWS instances with per-hour support
(RHEL, ubuntu avantage...) and grab the patches from there.
It would be better if we had some direct access though.

Cheers!
Sylvain

Reply to:

References:
- Ubuntu ESM access
  - From: Sylvain Beucler <beuc@beuc.net>
- Backports for CVE-2019-14287 for sudo (was: Re: Ubuntu ESM access)
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: poppler / CVE-2019-9959
Next by Date: Re: cacti: CVE-2019-16723
Previous by thread: Backports for CVE-2019-14287 for sudo (was: Re: Ubuntu ESM access)
Next by thread: poppler / CVE-2019-9959
Index(es):
- Date
- Thread