[MacPorts] #50356: sudo: Update to 1.8.15, CVE-2015-5602
Michael Beasley
youvegotmoxie at gmail.com
Sat Jan 23 17:03:57 PST 2016
On Jan 17, 2016 5:20 PM, "MacPorts" <noreply at macports.org> wrote:
>
> #50356: sudo: Update to 1.8.15, CVE-2015-5602
> --------------------+-----------------------------
> Reporter: cal@… | Owner: youvegotmoxie@…
> Type: update | Status: new
> Priority: Normal | Milestone:
> Component: ports | Version: 2.3.4
> Keywords: | Port: sudo
> --------------------+-----------------------------
> Hi,
>
> sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but
> the problem is actually still present after that ![1,2,3]. Please update
> sudo to 1.8.15 and consider backporting the change that fixes the CVE and
> has been committed for sudo 1.8.16 ![4].
>
> Here's a patch that does the gruntwork, I haven't looked into backporting
> the patch, though.
>
> {{{
> #!diff
> Index: Portfile
> ===================================================================
> --- Portfile (revision 144755)
> +++ Portfile (working copy)
> @@ -5,8 +5,7 @@
>
> name sudo
> epoch 1
> -version 1.8.14p3
> -revision 1
> +version 1.8.15
> categories sysutils security
> license ISC
> maintainers gmail.com:youvegotmoxie
> @@ -24,8 +23,8 @@
> master_sites ${homepage}dist/ \
> ${homepage}dist/OLD/
>
> -checksums rmd160 209554c44467da8ebeeecc2134edbf42fce2244e \
> - sha256
> a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237
> +checksums rmd160 676ee3249c2ddacd64de54d6555b820912b56f6f \
> + sha256
> 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308
>
> patchfiles patch-sudoers.in.diff
>
> }}}
>
> I'm leaving this at normal priority, since the CVE doesn't affect our
> default installation.
>
> ![1] https://www.debian.org/security/2016/dsa-3440 [[BR]]
> ![2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149 [[BR]]
> ![3] https://bugzilla.sudo.ws/show_bug.cgi?id=707 [[BR]]
> ![4] https://www.sudo.ws/repos/sudo/rev/c2e36a80a279
>
> --
> Ticket URL: <https://trac.macports.org/ticket/50356>
> MacPorts <https://www.macports.org/>
> Ports system for OS X
Thank you, will do tomorrow when I return from holiday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-dev/attachments/20160123/2985ffa7/attachment-0001.html>
More information about the macports-dev
mailing list