Re: Ubuntu ESM access
On 15/10/2019 23:17, Salvatore Bonaccorso wrote:
> On Tue, Oct 15, 2019 at 12:24:20AM +0200, Sylvain Beucler wrote:
>> I would like to study Ubuntu's backports of CVE-2012-2337/sudo (since
>> the stable branch of sudo experienced massive changes since our
>> versions), but sadly those are not available to the public:
> Upstream has provided backports for 1.8.10 in
> https://www.openwall.com/lists/oss-security/2019/10/15/2 .
He had sent them to me yesterday after discussing :)
Upstream mentioned "I've only tested them lightly" so it would still be
interesting to have a look at other fixes.
A cheap work-around is to buy some AWS instances with per-hour support
(RHEL, ubuntu avantage...) and grab the patches from there.
It would be better if we had some direct access though.