Sudo 1.8.20p1

author Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)
author Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)
diff --git a/NEWS b/NEWS

index 171b33bf548e91fdb37c3e023ec6ca019a48fbe7..6fba29a2addbe7acf8b427c9d3f5167b95171ed5 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,16 @@
+What's new in Sudo 1.8.20p1
+
+ * Fixed "make check" when using OpenSSL or GNU crypt.
+   Bug #787.
+
+ * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
+   when the process name contains spaces.  Since the user has control
+   over the command name, this could potentially be used by a user
+   with sudo access to overwrite an arbitrary file on systems with
+   SELinux enabled.  Also stop performing a breadth-first traversal
+   of /dev when looking for the device; only a hard-coded list of
+   directories are checked,
+
  What's new in Sudo 1.8.20
  
   * Added support for SASL_MECH in ldap.conf. Bug #764
diff --git a/configure b/configure

old mode 100755 (executable)

new mode 100644 (file)
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)
NEWS		patch \| blob \| history
configure	[changed mode: 0755->0644]	patch \| blob \| history