Opened 3 years ago

Closed 2 years ago

#50356 closed update (fixed)

sudo: Update to 1.8.15, CVE-2015-5602

Reported by: neverpanic (Clemens Lang) Owned by: youvegotmoxie@…
Priority: Normal Milestone:
Component: ports Version: 2.3.4
Keywords: Cc:
Port: sudo



sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but the problem is actually still present after that [1,2,3]. Please update sudo to 1.8.15 and consider backporting the change that fixes the CVE and has been committed for sudo 1.8.16 [4].

Here's a patch that does the gruntwork, I haven't looked into backporting the patch, though.

  • Portfile

    66name                sudo
    77epoch               1
    8 version             1.8.14p3
    9 revision            1
     8version             1.8.15
    109categories          sysutils security
    1110license             ISC
    2423master_sites        ${homepage}dist/ \
    2524                    ${homepage}dist/OLD/
    27 checksums           rmd160  209554c44467da8ebeeecc2134edbf42fce2244e \
    28                     sha256  a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237
     26checksums           rmd160  676ee3249c2ddacd64de54d6555b820912b56f6f \
     27                    sha256  4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308

I'm leaving this at normal priority, since the CVE doesn't affect our default installation.


Change History (4)

comment:1 Changed 3 years ago by youvegotmoxie@…

Thank you, please do push this patch through as I am on holiday.

comment:2 Changed 3 years ago by youvegotmoxie@…

I will work on the backport from .16 to .15 when I get back.

comment:3 Changed 3 years ago by neverpanic (Clemens Lang)

Committed this patch in 145046, I'll leave the ticket open for the backport (or your decision not to).

comment:4 Changed 2 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: newclosed

This has long been solved.

Note: See TracTickets for help on using tickets.