Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 633704

Summary: GLSA 201705-15 is checking one version of sudo package that does not have the full fix for the problem
Product: Gentoo Security Reporter: Renato Foot <costallat>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: costallat
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=620482
Whiteboard:
Package list:
Runtime testing required: ---

Description Renato Foot 2017-10-07 13:40:55 UTC 
Checking some CVEs here at my work, I found that the GLSA 201705-15 is checking for one version of the sudo package, that doesn't have the full fix for the problem!


https://www.sudo.ws/alerts/linux_tty.html

Sudo versions affected:

Sudo 1.7.10 through 1.7.10p9 inclusive and Sudo 1.8.5 through 1.8.20p1 inclusive.

The fix present in sudo 1.8.20p1 was incomplete. 


GSLA:
"Unaffected versions 	>= 1.8.20_p1" "
Comment 1 Renato Foot 2017-10-07 13:43:22 UTC 
https://security.gentoo.org/glsa/201705-15
Comment 2 Larry the Git Cow gentoo-dev 2017-10-07 14:26:21 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a1ab9225f014c12703d38a47822edddfddb007ce

commit a1ab9225f014c12703d38a47822edddfddb007ce
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-10-07 14:25:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-10-07 14:25:15 +0000

    Fix GLSA-201705-15
    
    Closes: https://bugs.gentoo.org/633704

 glsa-201705-15.xml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-07 14:28:43 UTC 
Sorry for ignoring you comment https://bugs.gentoo.org/620182#c5 and thank you for your tenacity.
Comment 5 Renato Foot 2017-10-10 14:08:46 UTC 
(In reply to Thomas Deutschmann from comment #3)
> Sorry for ignoring you comment https://bugs.gentoo.org/620182#c5 and thank
> you for your tenacity.

No problem!

I'm glad to help!

Tks!