projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9cf6174)
package/sudo: security bump to version 1.8.28
authorBaruch Siach <baruch@tkos.co.il>
Tue, 15 Oct 2019 06:59:07 +0000 (09:59 +0300)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 15 Oct 2019 07:20:57 +0000 (09:20 +0200)
Fixes CVE-2019-14287: a sudo user may be able to run a command as root
when the Runas specification explicitly disallows root access as long as
the ALL keyword is listed first.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/sudo/sudo.hash patch | blob | history
package/sudo/sudo.mk patch | blob | history

diff --git a/package/sudo/sudo.hash b/package/sudo/sudo.hash
index 8a3511df821083f5138856a64e7009cd400b795a..179595298851c20f8d99dad769a6059954c87ef4 100644 (file)
--- a/package/sudo/sudo.hash
+++ b/package/sudo/sudo.hash
@@ -1,4 +1,4 @@
 # From: http://www.sudo.ws/download.html
-sha256 7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0  sudo-1.8.27.tar.gz
+sha256 9129fa745a08caff0ce2042d2162b38eb9bf73bf43fcb248ac8b3a750c1f13a1  sudo-1.8.28.tar.gz
 # Locally calculated
 sha256 e0e7990185834e9f08f3e922905d7bfaf998d13be668c6026d2586b1718210ba  doc/LICENSE
diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index 48c89210434ee459604fdbc92624cecbbd6a0e27..cf8b63b1db9a5f91c0c157a599e8c519547cf061 100644 (file)
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SUDO_VERSION = 1.8.27
+SUDO_VERSION = 1.8.28
 SUDO_SITE = https://www.sudo.ws/sudo/dist
 SUDO_LICENSE = ISC, BSD-3-Clause
 SUDO_LICENSE_FILES = doc/LICENSE