See $URL. Maintainers, please commit an updated ebuild.
Diego allowed me to bump it, which I just did. Arches, please test and mark stable:
=app-admin/sudo-1.7.2_p4
Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
x86 stable
ppc64 done
Stable for HPPA.
Stable for PPC.
amd64 stable.
CVE-2010-0426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0426): sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

CVE-2010-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0427): sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
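An added example, not part of the bug thread and not code from sudo or Portage: a triage check that tests a sudo version string against the CVE-2010-0426 ranges quoted above and looks for the precondition in a sudoers file. The function names and the sample sudoers text are hypothetical, and reading "a pseudo-command is enabled" as "a sudoers rule names sudoedit" is an assumption.

```python
import re

# Fixed releases per branch, taken from the CVE-2010-0426 text in the comment above.
FIXED = {(1, 6): (1, 6, 9, 21), (1, 7): (1, 7, 2, 4)}
# Accepts the upstream "1.7.2p4" and the Gentoo "1.7.2_p4" spellings.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_?p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patchlevel); missing parts count as 0."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no sudo version in %r" % text)
    return tuple(int(g) if g else 0 for g in m.groups())


def in_affected_range(text):
    """True/False on the 1.6 and 1.7 branches, None on branches the CVE text does not cover."""
    version = parse_sudo_version(text)
    fixed = FIXED.get(version[:2])
    return None if fixed is None else version < fixed


def sudoedit_rules(sudoers_text):
    """Return non-comment sudoers rules naming sudoedit (heuristic, assumed precondition)."""
    joined = re.sub(r"\\\n", " ", sudoers_text)  # fold backslash line continuations
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and re.search(r"\bsudoedit\b", line):
            rules.append(line)
    return rules


def exposed(version_text, sudoers_text):
    """Affected version range AND at least one sudoedit rule present."""
    return bool(in_affected_range(version_text)) and bool(sudoedit_rules(sudoers_text))


# Constructed sample sudoers content, not taken from any real host.
SAMPLE_SUDOERS = """\
# sudoedit access for the web team
%webadmin ALL = sudoedit /etc/apache2/httpd.conf, \\
                /etc/init.d/apache2 restart
root ALL = (ALL) ALL
"""

if __name__ == "__main__":
    for v in ("Sudo version 1.6.9p20", "=app-admin/sudo-1.7.2_p4", "1.7.2"):
        print(v, "->", in_affected_range(v), exposed(v, SAMPLE_SUDOERS))
```

The comparison uses upstream version numbers only, so a package that carries a backported fix under an older version number would be reported as affected.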
alpha/arm/ia64/m68k/s390/sh/sparc stable
GLSA request filed.
MIPS guys: please see to add ~mips ASAP
[0] points out some new issues with sudoedit. This affects up to 1.7.2p5. [0] http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
p6 is in tree, since p6 is a different (but related) problem and p4 is all stable, maybe a new bug?
(In reply to comment #12)
> p6 is in tree, since p6 is a different (but related) problem and p4 is all
> stable, maybe a new bug?

Right. I just filed bug 321697. This bug here is fixed, it's only kept open for ~mips.
Just for the record, as I didn't see it mentioned... this was GLSA 201003-01