oss-sec mailing list archives

Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set

From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 25 Feb 2010 16:23:50 -0600

On Tue, 2010-02-23 at 17:17 +0100, Jan Lieskovsky wrote:

Affected versions:
   a, issue tested and confirmed in sudo-1.6.9p17 version, prior v1.6.x
      based versions might be also affected. Issue fixed
      in upstream 1.6.9p21 version.


FYI,

1.6.9 is affected as far back as 1.6.9p10 (I didn't check farther) and
1.6.8p12 does not seem to be affected.

-- 
Jamie Strandboge             | http://www.canonical.com

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set Jan Lieskovsky (Feb 23)
- Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set Jamie Strandboge (Feb 24)
  - Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set Jan Lieskovsky (Feb 24)
- Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set Jamie Strandboge (Feb 25)