[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 18 Jan 2023 20:16:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269030

--- Comment #5 from commit-hook@FreeBSD.org ---
A commit in branch 2023Q1 references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=e4b0eefa183226d3d6cb8be568a5a3aa586c12b9

commit e4b0eefa183226d3d6cb8be568a5a3aa586c12b9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-18 16:20:58 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2023-01-18 20:15:38 +0000

    security/sudo: Update to 1.9.12p2

    Major changes between sudo 1.9.12p2 and 1.9.12p1:

     * Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

     * Fixed a potential crash introduced in the fix for GitHub issue #134.
       If a user's sudoers entry did not have any RunAs user's set,
       running "sudo -U otheruser -l" would dereference a NULL pointer.

     * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
       from creating a I/O files when the "iolog_file" sudoers setting
       contains six or more Xs.

     * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
       that coud allow a malicious user with sudoedit privileges to
       edit arbitrary files.

    PR:             269030
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga
    MFH:            2023Q1
    Security:       CVE-2023-22809

    (cherry picked from commit 8f8bd813f3139d6f6ff35704808111c4ad1f053a)

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.