Summary: | <app-admin/sudo-1.8.12: Unsafe handling of TZ environment variable (CVE-2014-9680) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, hanno |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2015/q1/486 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2015-02-09 22:31:39 UTC
+ *sudo-1.8.12 (10 Feb 2015) + + 10 Feb 2015; Lars Wendler <polynomial-c@gentoo.org> -sudo-1.8.6_p7.ebuild, + +sudo-1.8.12.ebuild: + Security bump (bug #539532). Removed old. Guys, dunno why I failed to report this in the bug here but this has been added to the tree over a month ago. Arches please test and mark stable =app-admin/sudo-1.8.12 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris amd64 stable x86 stable sparc stable alpha stable Stable for HPPA. ppc64 stable arm stable This issue was resolved and addressed in GLSA 201504-02 at https://security.gentoo.org/glsa/201504-02 by GLSA coordinator Mikle Kolyada (Zlogene). ia64/ppc stable Maintainer(s), please drop the vulnerable version(s). + 06 Jun 2015; Lars Wendler <polynomial-c@gentoo.org> -sudo-1.8.11_p1.ebuild, + -sudo-1.8.11_p2.ebuild: + Removed vulnerable versions. + Vulnerable versions dropped per previous comments and this was addressed in https://security.gentoo.org/glsa/201504-02 |