[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 18 Jan 2023 17:09:46 UTC

--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:


commit 8f8bd813f3139d6f6ff35704808111c4ad1f053a
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-18 16:20:58 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-01-18 17:08:35 +0000

    security/sudo: Update to 1.9.12p2

    Major changes between sudo 1.9.12p2 and 1.9.12p1:

     * Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

     * Fixed a potential crash introduced in the fix for GitHub issue #134.
       If a user's sudoers entry did not have any RunAs user's set,
       running "sudo -U otheruser -l" would dereference a NULL pointer.

     * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
       from creating a I/O files when the "iolog_file" sudoers setting
       contains six or more Xs.

     * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
       that coud allow a malicious user with sudoedit privileges to
       edit arbitrary files.

    PR:             269030
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga
    MFH:            2023Q1
    Security:       CVE-2023-22809

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

You are receiving this mail because:
You are on the CC list for the bug.