[MacPorts] #50356: sudo: Update to 1.8.15, CVE-2015-5602
MacPorts
noreply at macports.org
Sun Jan 17 14:18:35 PST 2016
#50356: sudo: Update to 1.8.15, CVE-2015-5602
--------------------+-----------------------------
Reporter: cal@… | Owner: youvegotmoxie@…
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.4
Keywords: | Port: sudo
--------------------+-----------------------------
Hi,
sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but
the problem is actually still present after that ![1,2,3]. Please update
sudo to 1.8.15 and consider backporting the change that fixes the CVE and
has been committed for sudo 1.8.16 ![4].
Here's a patch that does the gruntwork, I haven't looked into backporting
the patch, though.
{{{
#!diff
Index: Portfile
===================================================================
--- Portfile (revision 144755)
+++ Portfile (working copy)
@@ -5,8 +5,7 @@
name sudo
epoch 1
-version 1.8.14p3
-revision 1
+version 1.8.15
categories sysutils security
license ISC
maintainers gmail.com:youvegotmoxie
@@ -24,8 +23,8 @@
master_sites ${homepage}dist/ \
${homepage}dist/OLD/
-checksums rmd160 209554c44467da8ebeeecc2134edbf42fce2244e \
- sha256
a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237
+checksums rmd160 676ee3249c2ddacd64de54d6555b820912b56f6f \
+ sha256
4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308
patchfiles patch-sudoers.in.diff
}}}
I'm leaving this at normal priority, since the CVE doesn't affect our
default installation.
![1] https://www.debian.org/security/2016/dsa-3440 [[BR]]
![2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149 [[BR]]
![3] https://bugzilla.sudo.ws/show_bug.cgi?id=707 [[BR]]
![4] https://www.sudo.ws/repos/sudo/rev/c2e36a80a279
--
Ticket URL: <https://trac.macports.org/ticket/50356>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list