Bug#863731: marked as done (sudo: CVE-2017-1000367: Potential overwrite of arbitrary files)

[Debian Bug Tracking System]

Your message dated Thu, 01 Jun 2017 03:05:40 +0000
with message-id <e1dggqe-0001a1...@fasolo.debian.org>
and subject line Bug#863731: fixed in sudo 1.8.19p1-2
has caused the Debian Bug report #863731,
regarding sudo: CVE-2017-1000367: Potential overwrite of arbitrary files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863731: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: sudo
Version: 1.8.10p3-1
Severity: grave
Tags: security upstream patch fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for sudo.

CVE-2017-1000367[0]:
Potential overwrite of arbitrary files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000367
[1] http://www.openwall.com/lists/oss-security/2017/05/30/16
[2] https://www.sudo.ws/alerts/linux_tty.html
[3] https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: sudo
Source-Version: 1.8.19p1-2

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bd...@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 May 2017 22:35:01 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source amd64
Version: 1.8.19p1-2
Distribution: stretch
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Bdale Garbee <bd...@gag.com>
Description:
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 863731
Changes:
 sudo (1.8.19p1-2) stretch; urgency=high
 .
   * patch from upstream to fix CVE-2017-1000367, closes: #863731
Checksums-Sha1:
 fd1fd34356d5cf56ba28a3d58445543504a29e91 1999 sudo_1.8.19p1-2.dsc
 5e198c5a04e9b818fa86fbf5ce3f727e413e926a 25140 sudo_1.8.19p1-2.debian.tar.xz
 2b04e41d08e9dd3e3e330b8c557049d6e6a0bc02 724450 
sudo-dbgsym_1.8.19p1-2_amd64.deb
 bd63bfafcc11fd05a529fae8d9477fc897d444de 745066 
sudo-ldap-dbgsym_1.8.19p1-2_amd64.deb
 931c4713ecb1db8d4cfc90892ef06887c4c08bb4 1084130 sudo-ldap_1.8.19p1-2_amd64.deb
 69eba8c75a6f4887941f3f534d76c7cc54aef171 6913 sudo_1.8.19p1-2_amd64.buildinfo
 27354a076bf07d5618728f4ff3a8cf181e59494e 1054316 sudo_1.8.19p1-2_amd64.deb
Checksums-Sha256:
 544819b1e2ba2f316108d4a469e0fb593d6ee9af7edc303f7b347af46e02b6b1 1999 
sudo_1.8.19p1-2.dsc
 f7308996990e681eff2bf9ecd19df32178099d061d833f810d89c2382bda3692 25140 
sudo_1.8.19p1-2.debian.tar.xz
 5f0209e779dc64281e7b3b116a1c3aa2ae2c7d6f5e3ec8f3ec3de9c19eb4a475 724450 
sudo-dbgsym_1.8.19p1-2_amd64.deb
 66640adc8be45a5ae91095b58df1bb5c7b15af942e63b3a42960a4dc2702d18f 745066 
sudo-ldap-dbgsym_1.8.19p1-2_amd64.deb
 a9d354122d5739954692d930efd39fa8327e1aedb4e736261bbb92ade2c7aaad 1084130 
sudo-ldap_1.8.19p1-2_amd64.deb
 ac1e5711f1ea9a64aaafe7a4cc632fcbabc9015913376368df29057f3ef76750 6913 
sudo_1.8.19p1-2_amd64.buildinfo
 916292c854a7ca67fc6d01f38d1a839347111d4df8fcc58d1515b27f3aa622a8 1054316 
sudo_1.8.19p1-2_amd64.deb
Files:
 c272703ab1f42a4f25f418a709004cd1 1999 admin optional sudo_1.8.19p1-2.dsc
 67fbff0c484282a3d1fb0d69687b7909 25140 admin optional 
sudo_1.8.19p1-2.debian.tar.xz
 5f32142bc2e9c02007fa02982605d0e2 724450 debug extra 
sudo-dbgsym_1.8.19p1-2_amd64.deb
 e09212b4abf9d2a7949e6e83aee6731d 745066 debug extra 
sudo-ldap-dbgsym_1.8.19p1-2_amd64.deb
 43fefaa9173e760a8659bc7b3e445ff2 1084130 admin optional 
sudo-ldap_1.8.19p1-2_amd64.deb
 b754882165494c4c61af5608c2f8c6f7 6913 admin optional 
sudo_1.8.19p1-2_amd64.buildinfo
 04e6563fbbc38568600e5bcd18f28a9d 1054316 admin optional 
sudo_1.8.19p1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhHDyCwYlkhh8unuzOpNhlsCV2UEFAlkvf4kACgkQOpNhlsCV
2UGwShAAl1hH4jpUk9mYp9aH+cIOBx0Oe7q8874+RuTSrklSQTnQQscu/0nBIq+d
0IPSajS+F7WzcZn0qbcb8P24USsgGT+29Z1uzOJzwIJXxziW2wkzLXCSvdOjj0Sa
CZjf4hFSVZ9DuB5f7r5JFjDh0+j6hZGXij15BIT2cDiq2WChPPlFKZ60oHg2mA21
7/BuKoH3MfV1cc/IjTXBpj6Yg+9OMVRWOTBxH36RotzZ9SDSZSHvs8CJu6L3EdmU
YotcT571OBBZUpUrs0cWy8Y0AcwKco5l8RpM+qKB9U1d/bKU3Gyr2ne8bfO0sfqY
YTAtUv5aMXv69u0qEuB1FFya5x7wfVXx8Nj97jI9cO81mD5Cqzxij2G96qXzFiyi
w5DADi3cn1tRKGR3sJn2UNtroZsGDzbFbB3/q209FNfoxV39jKslLo+Ml9asnkrL
pIxKoU6PtdqifcebAkCwJgjpjwEtohP8FomI3NvdazaAWQZZgxiX9Z9heXTHXYfZ
Bo5D11yvyyVUV4gzWgI3BYdNkS7jhtnLQVVlEzXnvO758lbki0byBshd39u/3jdF
QUVSyTsfpcP5LbVowJWNuX2sM1m3jkX23JDK3v6sfPREZw3OjqtQo4xHIHEhzvDw
9tyDOpfW9nYZAKRmEzahFs4GWgbXhUSGukTiWX0Ir0YpUm0B//8=
=fDh2
-----END PGP SIGNATURE-----

--- End Message ---