HomeFreeBSD

security/sudo: Update to 1.9.12p2

Description

security/sudo: Update to 1.9.12p2

Major changes between sudo 1.9.12p2 and 1.9.12p1:

  • Fixed a compilation error on Linux/aarch64. GitHub issue #197.
  • Fixed a potential crash introduced in the fix for GitHub issue #134. If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer.
  • Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
  • Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit) that coud allow a malicious user with sudoedit privileges to edit arbitrary files.

PR: 269030
Submitted by: cy
Reported by: cy
Approved by: garga
MFH: 2023Q1
Security: CVE-2023-22809

(cherry picked from commit 8f8bd813f3139d6f6ff35704808111c4ad1f053a)

Details

Provenance
cyAuthored on Jan 18 2023, 4:20 PM
gargaCommitted on Jan 18 2023, 8:15 PM
Parents
R11:e55bfd1cf75a: x11/hyprpaper: update to s20230115
Branches
Unknown
Tags
Unknown