<p dir="ltr"><br>
On Jan 17, 2016 5:20 PM, "MacPorts" <<a href="mailto:noreply@macports.org">noreply@macports.org</a>> wrote:<br>
><br>
> #50356: sudo: Update to 1.8.15, CVE-2015-5602<br>
> --------------------+-----------------------------<br>
> Reporter: cal@… | Owner: youvegotmoxie@…<br>
> Type: update | Status: new<br>
> Priority: Normal | Milestone:<br>
> Component: ports | Version: 2.3.4<br>
> Keywords: | Port: sudo<br>
> --------------------+-----------------------------<br>
> Hi,<br>
><br>
> sudo has version 1.8.15 available. It attempts to fix CVE-2015-5602, but<br>
> the problem is actually still present after that ![1,2,3]. Please update<br>
> sudo to 1.8.15 and consider backporting the change that fixes the CVE and<br>
> has been committed for sudo 1.8.16 ![4].<br>
><br>
> Here's a patch that does the gruntwork, I haven't looked into backporting<br>
> the patch, though.<br>
><br>
> {{{<br>
> #!diff<br>
> Index: Portfile<br>
> ===================================================================<br>
> --- Portfile (revision 144755)<br>
> +++ Portfile (working copy)<br>
> @@ -5,8 +5,7 @@<br>
><br>
> name sudo<br>
> epoch 1<br>
> -version 1.8.14p3<br>
> -revision 1<br>
> +version 1.8.15<br>
> categories sysutils security<br>
> license ISC<br>
> maintainers gmail.com:youvegotmoxie<br>
> @@ -24,8 +23,8 @@<br>
> master_sites ${homepage}dist/ \<br>
> ${homepage}dist/OLD/<br>
><br>
> -checksums rmd160 209554c44467da8ebeeecc2134edbf42fce2244e \<br>
> - sha256<br>
> a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237<br>
> +checksums rmd160 676ee3249c2ddacd64de54d6555b820912b56f6f \<br>
> + sha256<br>
> 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308<br>
><br>
> patchfiles patch-sudoers.in.diff<br>
><br>
> }}}<br>
><br>
> I'm leaving this at normal priority, since the CVE doesn't affect our<br>
> default installation.<br>
><br>
> ![1] <a href="https://www.debian.org/security/2016/dsa-3440">https://www.debian.org/security/2016/dsa-3440</a> [[BR]]<br>
> ![2] <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149</a> [[BR]]<br>
> ![3] <a href="https://bugzilla.sudo.ws/show_bug.cgi?id=707">https://bugzilla.sudo.ws/show_bug.cgi?id=707</a> [[BR]]<br>
> ![4] <a href="https://www.sudo.ws/repos/sudo/rev/c2e36a80a279">https://www.sudo.ws/repos/sudo/rev/c2e36a80a279</a><br>
><br>
> --<br>
> Ticket URL: <<a href="https://trac.macports.org/ticket/50356">https://trac.macports.org/ticket/50356</a>><br>
> MacPorts <<a href="https://www.macports.org/">https://www.macports.org/</a>><br>
> Ports system for OS X</p>
<p dir="ltr">Thank you, will do tomorrow when I return from holiday.</p>