From 521f9e0029d97055d7cd8cade39924b76718ff41 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Tue, 22 Nov 2005 15:00:10 +0000 Subject: sudo: upgrade to 1.6.8p12 due to CVE-2005-1993 - Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. - Thanks to Jamie Lenehan for notice - close #486 --- packages/sudo/sudo_1.6.8p12.bb | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 packages/sudo/sudo_1.6.8p12.bb (limited to 'packages/sudo/sudo_1.6.8p12.bb') diff --git a/packages/sudo/sudo_1.6.8p12.bb b/packages/sudo/sudo_1.6.8p12.bb new file mode 100644 index 0000000000..f9d55411f8 --- /dev/null +++ b/packages/sudo/sudo_1.6.8p12.bb @@ -0,0 +1,7 @@ +SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ + file://nonrootinstall.patch;patch=1 \ + file://nostrip.patch;patch=1 \ + file://autofoo.patch;patch=1 \ + file://noexec-link.patch;patch=1" + +include sudo.inc -- cgit v1.2.3