CVS commit: [pkgsrc-2010Q1] pkgsrc/security/sudo

["S.P.Zeidler" <spz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Apr 17 08:34:13 UTC 2010

Modified Files:
        pkgsrc/security/sudo [pkgsrc-2010Q1]: Makefile distinfo
        pkgsrc/security/sudo/patches [pkgsrc-2010Q1]: patch-aa

Log Message:
Pullup ticket 3079 - requested by taca
security update

Revisions pulled up:
- pkgsrc/security/sudo/Makefile         1.120
- pkgsrc/security/sudo/distinfo         1.62
- pkgsrc/security/sudo/patches/patch-aa 1.23

   --------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Apr 16 15:33:52 UTC 2010

   Modified Files:
           pkgsrc/security/sudo: Makefile distinfo
           pkgsrc/security/sudo/patches: patch-aa

   Log Message:
   Update sudo package from sudo-1.7.2p4 to sudo-1.7.2p6.

   Sudo versions 1.7.2p6 and 1.6.9p22 are now available.  These releases
   fix a privilege escalation bug in the sudoedit functionality.

   Summary:
       A flaw exists in sudo's -e option (aka sudoedit) in sudo versions
       1.6.8 through 1.7.2p5 that may give a user with permission to
       run sudoedit the ability to run arbitrary commands.  This bug
       is related to, but distinct from, CVE 2010-0426.

   Sudo versions affected:
       1.6.8 through 1.7.2p5 inclusive.

   To generate a diff of this commit:
   cvs rdiff -u -r1.119 -r1.120 pkgsrc/security/sudo/Makefile
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/sudo/distinfo
   cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/sudo/patches/patch-aa


To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.119.2.1 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.61 -r1.61.2.1 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.22 -r1.22.4.1 pkgsrc/security/sudo/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.