Bug#772707: squeeze update of sudo?

2015-02-26 Thread Marko Randjelovic
On Mon, 23 Feb 2015 11:48:35 +0100
Raphael Hertzog hert...@debian.org wrote:

> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of your package:
> https://security-tracker.debian.org/tracker/CVE-2014-9680
> https://security-tracker.debian.org/tracker/CVE-2014-0106
> (the latter has been ignored up-to-now but since we have to
> prepare an update, we might as well include the fix in this update)

Fix for CVE-2014-9680.

marko@debian:~$ echo moo > tz
marko@debian:~$ chmod 0 tz
marko@debian:~$ cat tz
cat: tz: Permission denied
marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date
sudo: strace: command not found
marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\220!\0\0\0\0\0\0..., 832) = 832
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\300\357\1\0\0\0\0\0..., 832) = 832
read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0@\\\0\0\0\0\0\0..., 832) = 832
read(3, TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0..., 4096) = 1931
read(3, TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0..., 4096) = 1230
Thu Feb 26 15:25:44 CET 2015

Best regards

-- 
http://markorandjelovic.hopto.org

One should not be afraid of humans.
Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road


sudo_1.7.4p4-2.squeeze.5.debian.tar.gz
Description: GNU Zip compressed data


sudo_1.7.4p4-2.squeeze.5.dsc
Description: Binary data


Bug#772707: squeeze update of sudo?

2015-02-23 Thread Raphael Hertzog
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of your package:
https://security-tracker.debian.org/tracker/CVE-2014-9680
https://security-tracker.debian.org/tracker/CVE-2014-0106
(the latter has been ignored up-to-now but since we have to
prepare an update, we might as well include the fix in this update)

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-...@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

