Debian Bug report logs - #349196
sudo: DSA-946-1 broke joe horribly

version graph

Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo.

Reported by: Josip Rodin <joy@debbugs.entuzijast.net>

Date: Sat, 21 Jan 2006 14:03:05 UTC

Severity: critical

Tags: patch

Merged with 349549, 349587, 349729

Found in version sudo/1.6.8p7-1.3

Fixed in version sudo/1.6.8p12-2

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Full log


Message #43 received at 349196@bugs.debian.org (full text, mbox):

Received: (at 349196) by bugs.debian.org; 3 Mar 2006 11:18:12 +0000
From jeroen@wolffelaar.nl Fri Mar 03 03:18:12 2006
Return-path: <jeroen@wolffelaar.nl>
Received: from a-eskwadraat.nl ([131.211.39.72])
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1FF8IW-00017t-HY; Fri, 03 Mar 2006 03:18:12 -0800
Received: from 22pc220.sshunet.nl ([145.97.220.22] helo=bla.wolffelaar.nl)
	by a-eskwadraat.nl with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1FF8IT-0004lG-Bh; Fri, 03 Mar 2006 12:18:09 +0100
Received: from jeroen by bla.wolffelaar.nl with local (Exim 4.50)
	id 1FF8IT-0001UG-7u; Fri, 03 Mar 2006 12:18:09 +0100
Date: Fri, 3 Mar 2006 12:18:09 +0100
To: Mikko Rapeli <mikko.rapeli@vtt.fi>, 349196@bugs.debian.org,
	Debian Bugs Control Bot <control@bugs.debian.org>
Cc: team@security.debian.org
Subject: Re: a fix for sudo in sarge
Message-ID: <20060303111809.GA5689@wolffelaar.nl>
References: <20060209152830.GI13465@tko1136.vtt.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060209152830.GI13465@tko1136.vtt.fi>
User-Agent: Mutt/1.5.9i
From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
tags 349196 + patch
thanks

On Thu, Feb 09, 2006 at 05:28:30PM +0200, Mikko Rapeli wrote:
> This seems to work and allows me to use ethereal remotely through ssh again.
> 
> The for loop was just copied from above and keepit changed to okvar, so this is
> pretty simple. We did go through all the bits and if clauses and tested the
> result manually. The manual page changes are pretty obvious too.
> 
> I did not go through the list of environment variables mentioned on 
> manual pages and 'sudo -V' when run as root, but perhaps the documentation
> is enough as this is only first aid for sarge.

Thank you for preparing a patch.

Bdale, Security team, what do you think about it?

--Jeroen

-- 
Jeroen van Wolffelaar
jeroen@wolffelaar.nl
http://jeroen.A-Eskwadraat.nl



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:02:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.