I picked one of the bugs (see bottom of email). Is this sort of information is useful to the security team and if so, how?
vulnerability: sudo race condition. Severity: High Type: local References: CAN-2005-1993 BID:13993 URL:http://www.securityfocus.com/bid/13993 http://www.sudo.ws/sudo/alerts/path_race.html Affected version: 1.3.1 up to and including 1.6.8p8. Debian versions: woody: sudo_1.6.6-1.3 sarge: sudo_1.6.8p7-1.1 testing: sudo_1.6.8p7-1.1 unstable: sudo_1.6.8p7-1.1 No mention of the bug in the changelog: http://smallr.com/so Status: Debian is affected Actions that need to be taken: Package Maintainer Action: Create new sudo package version 1.6.8p9 or greater. Request a patch from the maintainers. http://www.sudo.ws/sudo/authors.html User Action: Upgrade: The bug is fixed in sudo 1.6.8p9. There is no package available so a local build or install will be required. Current Workaround: The administrator can order the sudoers file such that all entries granting Sudo ALL privileges precede all other entries. Harry Join team plico. http://www.hjackson.org/cgi-bin/folding/index.pl __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
