#50356: sudo: Update to 1.8.15, CVE-2015-5602 --------------------+----------------------------- Reporter: cal@… | Owner: youvegotmoxie@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Keywords: | Port: sudo --------------------+----------------------------- Hi, sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but the problem is actually still present after that ![1,2,3]. Please update sudo to 1.8.15 and consider backporting the change that fixes the CVE and has been committed for sudo 1.8.16 ![4]. Here's a patch that does the gruntwork, I haven't looked into backporting the patch, though. {{{ #!diff Index: Portfile =================================================================== --- Portfile (revision 144755) +++ Portfile (working copy) @@ -5,8 +5,7 @@ name sudo epoch 1 -version 1.8.14p3 -revision 1 +version 1.8.15 categories sysutils security license ISC maintainers gmail.com:youvegotmoxie @@ -24,8 +23,8 @@ master_sites ${homepage}dist/ \ ${homepage}dist/OLD/ -checksums rmd160 209554c44467da8ebeeecc2134edbf42fce2244e \ - sha256 a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237 +checksums rmd160 676ee3249c2ddacd64de54d6555b820912b56f6f \ + sha256 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308 patchfiles patch-sudoers.in.diff }}} I'm leaving this at normal priority, since the CVE doesn't affect our default installation. ![1] https://www.debian.org/security/2016/dsa-3440 [[BR]] ![2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149 [[BR]] ![3] https://bugzilla.sudo.ws/show_bug.cgi?id=707 [[BR]] ![4] https://www.sudo.ws/repos/sudo/rev/c2e36a80a279 -- Ticket URL: <https://trac.macports.org/ticket/50356> MacPorts <https://www.macports.org/> Ports system for OS X