[MacPorts] #50356: sudo: Update to 1.8.15, CVE-2015-5602

Michael Beasley youvegotmoxie at gmail.com
Sat Jan 23 17:03:57 PST 2016 

On Jan 17, 2016 5:20 PM, "MacPorts" <noreply at macports.org> wrote:
>
> #50356: sudo: Update to 1.8.15, CVE-2015-5602
> --------------------+-----------------------------
>  Reporter:  cal@…   |      Owner:  youvegotmoxie@…
>      Type:  update  |     Status:  new
>  Priority:  Normal  |  Milestone:
> Component:  ports   |    Version:  2.3.4
>  Keywords:          |       Port:  sudo
> --------------------+-----------------------------
>  Hi,
>
>  sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but
>  the problem is actually still present after that ![1,2,3]. Please update
>  sudo to 1.8.15 and consider backporting the change that fixes the CVE and
>  has been committed for sudo 1.8.16 ![4].
>
>  Here's a patch that does the gruntwork, I haven't looked into backporting
>  the patch, though.
>
>  {{{
>  #!diff
>  Index: Portfile
>  ===================================================================
>  --- Portfile    (revision 144755)
>  +++ Portfile    (working copy)
>  @@ -5,8 +5,7 @@
>
>   name                sudo
>   epoch               1
>  -version             1.8.14p3
>  -revision            1
>  +version             1.8.15
>   categories          sysutils security
>   license             ISC
>   maintainers         gmail.com:youvegotmoxie
>  @@ -24,8 +23,8 @@
>   master_sites        ${homepage}dist/ \
>                       ${homepage}dist/OLD/
>
>  -checksums           rmd160  209554c44467da8ebeeecc2134edbf42fce2244e \
>  -                    sha256
>  a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237
>  +checksums           rmd160  676ee3249c2ddacd64de54d6555b820912b56f6f \
>  +                    sha256
>  4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308
>
>   patchfiles          patch-sudoers.in.diff
>
>  }}}
>
>  I'm leaving this at normal priority, since the CVE doesn't affect our
>  default installation.
>
>  ![1] https://www.debian.org/security/2016/dsa-3440 [[BR]]
>  ![2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149 [[BR]]
>  ![3] https://bugzilla.sudo.ws/show_bug.cgi?id=707 [[BR]]
>  ![4] https://www.sudo.ws/repos/sudo/rev/c2e36a80a279
>
> --
> Ticket URL: <https://trac.macports.org/ticket/50356>
> MacPorts <https://www.macports.org/>
> Ports system for OS X

Thank you, will do tomorrow when I return from holiday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-dev/attachments/20160123/2985ffa7/attachment-0001.html>

More information about the macports-dev mailing list