-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2011-01-19 10:39:09 UTC
-
Revision ID:
james.westby@ubuntu.com-20110119103909-21w2whs29g358rar
Tags: 1.7.2p1-1ubuntu5.3
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Backported from fe8a94f96542.
- CVE-2011-0010