summaryrefslogtreecommitdiff
path: root/packages/sudo/sudo_1.6.8p12.bb
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openembedded.org>2005-11-22 15:00:10 +0000
committerOpenEmbedded Project <openembedded-devel@lists.openembedded.org>2005-11-22 15:00:10 +0000
commit521f9e0029d97055d7cd8cade39924b76718ff41 (patch)
tree1f883e62ae71d4d76b532ec9e205b5c104010bb5 /packages/sudo/sudo_1.6.8p12.bb
parent124f2ee8215b7570476a83168b1f57e1ea981c8d (diff)
sudo: upgrade to 1.6.8p12 due to CVE-2005-1993
- Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. - Thanks to Jamie Lenehan for notice - close #486
Diffstat (limited to 'packages/sudo/sudo_1.6.8p12.bb')
-rw-r--r--packages/sudo/sudo_1.6.8p12.bb7
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/sudo/sudo_1.6.8p12.bb b/packages/sudo/sudo_1.6.8p12.bb
new file mode 100644
index 0000000000..f9d55411f8
--- /dev/null
+++ b/packages/sudo/sudo_1.6.8p12.bb
@@ -0,0 +1,7 @@
+SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
+ file://nonrootinstall.patch;patch=1 \
+ file://nostrip.patch;patch=1 \
+ file://autofoo.patch;patch=1 \
+ file://noexec-link.patch;patch=1"
+
+include sudo.inc