Your message dated Tue, 30 May 2017 21:18:39 +0000
with message-id <[email protected]>
and subject line Bug#863731: fixed in sudo 1.8.20p1-1
has caused the Debian Bug report #863731,
regarding sudo: CVE-2017-1000367: Potential overwrite of arbitrary files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
863731: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sudo
Version: 1.8.10p3-1
Severity: grave
Tags: security upstream patch fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for sudo.
CVE-2017-1000367[0]:
Potential overwrite of arbitrary files
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-1000367
[1] http://www.openwall.com/lists/oss-security/2017/05/30/16
[2] https://www.sudo.ws/alerts/linux_tty.html
[3] https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.8.20p1-1
We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bdale Garbee <[email protected]> (supplier of updated sudo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 30 May 2017 14:41:58 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source amd64
Version: 1.8.20p1-1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <[email protected]>
Changed-By: Bdale Garbee <[email protected]>
Description:
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users
Closes: 863731
Changes:
sudo (1.8.20p1-1) unstable; urgency=high
.
* New upstream version with fix for CVE-2017-1000367, closes: #863731
Checksums-Sha1:
239d48f2af0632396afc65899c53b4addd05c2bd 1999 sudo_1.8.20p1-1.dsc
2138fca8c91c0504579aaf57fc39cee95486efd1 2930394 sudo_1.8.20p1.orig.tar.gz
5b824f96c1c38cf4d16b863f1137c0caea3100c1 23004 sudo_1.8.20p1-1.debian.tar.xz
ad0ec7e066cde24967ce968e1161e36e8e0faab3 765082
sudo-dbgsym_1.8.20p1-1_amd64.deb
366ef6229cc7de87f7f64d2efc1d733a37a5ca90 786094
sudo-ldap-dbgsym_1.8.20p1-1_amd64.deb
a071a61260739a81ace50ca4b817816297eded70 1109092 sudo-ldap_1.8.20p1-1_amd64.deb
0c6d00881e21e17df048f626d60bbec89072bb40 6909 sudo_1.8.20p1-1_amd64.buildinfo
84891b74f05edb8373c2ae16cd65df05165f4c55 1079036 sudo_1.8.20p1-1_amd64.deb
Checksums-Sha256:
3a9320911f325c4ff6b13354979630969781a41532bde4915bbd1fb7d26a55c3 1999
sudo_1.8.20p1-1.dsc
9e980eb23a60dd11f0f452e672e705d7a386882bc230c6e8483050e03182db1d 2930394
sudo_1.8.20p1.orig.tar.gz
0321906f38ab981393ca1facb0403f3136db7a644cd211fa6e6313ea6a077a32 23004
sudo_1.8.20p1-1.debian.tar.xz
0958711191b7f8f6b937d07db6dde5956ef72e5cdbcc8adb7ff05f496a64b19b 765082
sudo-dbgsym_1.8.20p1-1_amd64.deb
1c76d53f4282189bbbefb87a43167635952161fe358475e13f7a3be9b78a044d 786094
sudo-ldap-dbgsym_1.8.20p1-1_amd64.deb
61fce24df77df1a1735939433798fabdc637a328b20219330b672c7e635d1b7a 1109092
sudo-ldap_1.8.20p1-1_amd64.deb
9d45ad1819bdce6cc84932c95b2c8415466c8e43610cb46266c7bce32603df51 6909
sudo_1.8.20p1-1_amd64.buildinfo
da362970fb40a2790575a927c0b1a25bfc3f4052f10795aa397e58249e109808 1079036
sudo_1.8.20p1-1_amd64.deb
Files:
99ee91e103975854ca3e38329c54c8e4 1999 admin optional sudo_1.8.20p1-1.dsc
ac4878e052837019473103c6deb35621 2930394 admin optional
sudo_1.8.20p1.orig.tar.gz
68476d6d8aef1853023668ec54c94102 23004 admin optional
sudo_1.8.20p1-1.debian.tar.xz
6994e9768c4e5725a70cf1c44161c9cc 765082 debug extra
sudo-dbgsym_1.8.20p1-1_amd64.deb
b6645380fe9a489b06d6ac0c35a04083 786094 debug extra
sudo-ldap-dbgsym_1.8.20p1-1_amd64.deb
7e85e8934f826b4baf78eedefa52fd4e 1109092 admin optional
sudo-ldap_1.8.20p1-1_amd64.deb
db2ec50de0b9688102d94dc384d968ba 6909 admin optional
sudo_1.8.20p1-1_amd64.buildinfo
1c1e6a90bf5b05851659ffe0e145151b 1079036 admin optional
sudo_1.8.20p1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEhHDyCwYlkhh8unuzOpNhlsCV2UEFAlkt3P8ACgkQOpNhlsCV
2UEMdBAAvNuw+LuJihP1GGMNmtJ0w/ljtlU1jXRo4FrHeh7c06aAuNegNlwadhUt
0QGyOqVykBUVgjtmpY04mqxiQpXTrJtpL8z+BB6xsPMsyTS9OyLvYz1oAtPSvU1s
jMKqq88VkFmgdtu8wZs9x697pi0UkOa9/oVpDeuSayXHDrDYs5yN1M+vSwyJv7N6
sHqvIR08EsQRZr8PD4wf0wau/2fS4hD/NKZg3V5mDZR18ZUeOkHNApvY1ng8WdHK
NGF2MRq+0C9EZCMhMtLTCYzXGvvkKqZkAuHZzgjpmHGDbK2I8m6hf22VTuuy+GGp
0/NZOFtd/dG04Y+9C2KzWQMDgVrJzHzmTeSu0xTTTv2qox89vOhAfZzS5LzEoCRN
FKkU8qE4WEy8bcHJCXgfqmdeYa51kGcVPiuEj/uIUEkTXhG+JluKEQLd0/hjpWOk
ugRYPvTfij93kbtxQ7vZ491Y25cE4tGDviYARYHqsbaphM39QT5eDF7cAzqnq8f8
L54NzGwpVeT2SQbfqxYQfDIp4pvXoUvcMh2KxFpWBqoFtUcDng/VqvS6uhyg/90b
9UMQdgagA64HosTTrZQvLUkkh+5TdJuf5H00CoPjqae3WasFrLWA49kGRwBbTG/8
wBP4YvP1fPLd47cpejY547urKJxGeqI3yh9uFdfQ2/Qc94CXgUc=
=wsuR
-----END PGP SIGNATURE-----
--- End Message ---
