[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ubuntu ESM access


On 15/10/2019 23:17, Salvatore Bonaccorso wrote:
> On Tue, Oct 15, 2019 at 12:24:20AM +0200, Sylvain Beucler wrote:
>> Hi,
>> I would like to study Ubuntu's backports of CVE-2012-2337/sudo (since
>> the stable branch of sudo experienced massive changes since our
>> versions), but sadly those are not available to the public:
>> https://usn.ubuntu.com/4154-1/
> Upstream has provided backports for 1.8.10 in
> https://www.openwall.com/lists/oss-security/2019/10/15/2 .

He had sent them to me yesterday after discussing :)

Upstream mentioned "I've only tested them lightly" so it would still be
interesting to have a look at other fixes.

A cheap work-around is to buy some AWS instances with per-hour support
(RHEL, ubuntu avantage...) and grab the patches from there.
It would be better if we had some direct access though.


Reply to: