Bug#609839: unblock: sudo/1.7.4p4-6

To: Moritz Muehlenhoff <jmm@debian.org>, 609839@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#609839: unblock: sudo/1.7.4p4-6
From: Bdale Garbee <bdale@gag.com>
Date: Wed, 12 Jan 2011 16:50:48 -0700
Message-id: <[🔎] 87zkr54r6v.fsf@gag.com>
Reply-to: Bdale Garbee <bdale@gag.com>, 609839@bugs.debian.org
In-reply-to: <[🔎] 20110112213856.3807.71815.reportbug@pisco.westfalen.local>
References: <[🔎] 20110112213856.3807.71815.reportbug@pisco.westfalen.local>

On Wed, 12 Jan 2011 22:38:56 +0100, Moritz Muehlenhoff <jmm@debian.org> wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package sudo. It fixes CVE-2011-0010.
> 
> unblock sudo/1.7.4p4-6
> 
> There are some non-security fixes since the -2 version in testing,
> though.

I would love to see -6 replace -2 in testing.  I just reviewed my commit
logs, and all of the changes in that range were either packaging
improvements, or minimal patches from upstream to fix real bugs.  In
particular, note that the patch from upstream that took us from -5 to -6
also has potential security implications (in some circumstances a user
could change default group without the expected password prompt).

Bdale

Attachment: pgpNlOR7HDgHa.pgp
Description: PGP signature

Reply to:

References:
- Bug#609839: unblock: sudo/1.7.4p4-6
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Bug#609843: unblock: snort/2.8.5.2-7
Next by Date: NEW changes in proposedupdates
Previous by thread: Bug#609839: unblock: sudo/1.7.4p4-6
Next by thread: Bug#609839: unblock: sudo/1.7.4p4-6
Index(es):
- Date
- Thread