Comment 1 Tobias Heinlein (RETIRED) 2010-05-27 14:43:01 UTC

Arches, please test and mark stable ASAP:
=app-admin/sudo-1.7.2_p6
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 2 Peter Volkov (RETIRED) 2010-05-28 07:40:48 UTC

amd64 stable.

Comment 3 Joe Jezak (RETIRED) 2010-05-28 18:07:52 UTC

Marked ppc/ppc64 stable.

Comment 4 Raúl Porcel (RETIRED) 2010-05-28 18:14:10 UTC

alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2010-05-29 17:49:01 UTC

Stable for HPPA.

Comment 6 Tobias Heinlein (RETIRED) 2010-05-29 20:27:01 UTC

GLSA request filed.

Comment 7 Tobias Heinlein (RETIRED) 2010-05-30 14:47:31 UTC

CVE-2010-1163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1163):
  The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
  not properly handle when a file in the current working directory has
  the same name as a pseudo-command in the sudoers file and the PATH
  contains an entry for ".", which allows local users to execute
  arbitrary commands via a Trojan horse executable, as demonstrated
  using sudoedit, a different vulnerability than CVE-2010-0426.

Comment 8 Alex Legler (RETIRED) 2010-06-02 21:25:38 UTC

GLSA 201006-09