Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1267136630.32734.104.camel@severus.strandboge.com>
Date: Thu, 25 Feb 2010 16:23:50 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: "Steven M. Christey" <coley@...us.mitre.org>, "Todd C. Miller" <Todd.Miller@...rtesan.com>
Subject: Re: CVE assignment notification -- CVE-2010-0427 --
 sudo fails to reset group permissions if runas_default set

On Tue, 2010-02-23 at 17:17 +0100, Jan Lieskovsky wrote:
> Affected versions:
>    a, issue tested and confirmed in sudo-1.6.9p17 version, prior v1.6.x
>       based versions might be also affected. Issue fixed
>       in upstream 1.6.9p21 version.

FYI,

1.6.9 is affected as far back as 1.6.9p10 (I didn't check farther) and
1.6.8p12 does not seem to be affected.

-- 
Jamie Strandboge             | http://www.canonical.com

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.