Bug#595935: marked as done (CVE-2010-1646: Flaw in Runas group matching)

[Debian Bug Tracking System]

Your message dated Tue, 07 Sep 2010 18:47:13 +0000
with message-id <e1ot3cl-000790...@franck.debian.org>
and subject line Bug#595935: fixed in sudo 1.7.4p4-1
has caused the Debian Bug report #595935,
regarding CVE-2010-1646: Flaw in Runas group matching
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
595935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: sudo
Version: 1.6.9p17-2
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.sudo.ws/sudo/alerts/runas_group.html for
details. Stable is not affected.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: sudo
Source-Version: 1.7.4p4-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.7.4p4-1_i386.deb
  to main/s/sudo/sudo-ldap_1.7.4p4-1_i386.deb
sudo_1.7.4p4-1.debian.tar.gz
  to main/s/sudo/sudo_1.7.4p4-1.debian.tar.gz
sudo_1.7.4p4-1.dsc
  to main/s/sudo/sudo_1.7.4p4-1.dsc
sudo_1.7.4p4-1_i386.deb
  to main/s/sudo/sudo_1.7.4p4-1_i386.deb
sudo_1.7.4p4.orig.tar.gz
  to main/s/sudo/sudo_1.7.4p4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 595...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bd...@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 Sep 2010 12:22:42 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.7.4p4-1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Bdale Garbee <bd...@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 585514 593579 595935
Changes: 
 sudo (1.7.4p4-1) unstable; urgency=high
 .
   * new upstream version, urgency high due to fix for flaw in Runas group
     matching (CVE-2010-2956), closes: #595935
   * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
     re-lecturing existing users, and to clean up after ourselves on upgrade,
     and remove the RAMRUN section from README.Debian since the new state dir
     should fix the original problem, closes: #585514
   * deliver README.Debian to both package flavors, closes: #593579
Checksums-Sha1: 
 7377ad03028b524060f7c59177dec2084ebc415f 1669 sudo_1.7.4p4-1.dsc
 c873f509f80d5722989a912a42a61ad27b71453f 963663 sudo_1.7.4p4.orig.tar.gz
 18f9b133992bc9319ac353e7839d12268eea8e7b 20540 sudo_1.7.4p4-1.debian.tar.gz
 fbfb849e28bc01fbe67ee7264519455424d40d24 593020 sudo_1.7.4p4-1_i386.deb
 abd59170bb040936a4b8509f9f1c02965820eb19 618108 sudo-ldap_1.7.4p4-1_i386.deb
Checksums-Sha256: 
 8c1e64db55f5a710bb189ca5f5c5a42b57e7971833b2d586ea743932de46b2a1 1669 
sudo_1.7.4p4-1.dsc
 38de3c3e08346b2b8dcb3cf7ed0813300d1a1d5696d0f338ea8a4ef232aacf97 963663 
sudo_1.7.4p4.orig.tar.gz
 69ac8c9f6eac67ae70852b64cb42652ec68db77fa8a16e49e26b51743ac900cd 20540 
sudo_1.7.4p4-1.debian.tar.gz
 58d36ee52632801ea1c2c8c5b618ecfeeecfb07e574261ed63105f6554ed9103 593020 
sudo_1.7.4p4-1_i386.deb
 a727f634b9f54acc2757cb8457f0f4853e8e797bc80ed409bb1a6eb9e91861f1 618108 
sudo-ldap_1.7.4p4-1_i386.deb
Files: 
 21044faa8d9bbe17cefe14ca2cfca167 1669 admin optional sudo_1.7.4p4-1.dsc
 55d9906535d70a1de347cd3d3550ee87 963663 admin optional sudo_1.7.4p4.orig.tar.gz
 dba734590b5fc4144a6d152828f20b84 20540 admin optional 
sudo_1.7.4p4-1.debian.tar.gz
 c55337a17a171c36f79b3f35d428052c 593020 admin optional sudo_1.7.4p4-1_i386.deb
 1554dd1f110ad0afc0957ad9e189229f 618108 admin optional 
sudo-ldap_1.7.4p4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTIaEmDqTYZbAldlBAQpzFw/+Mza268fxxzwVusVu6a3tCrCwwLMkEo0g
v83AaiyqQOEzezyhaYAlCzj1fBK2aNviVp5LAz8uKy4fxhlR/gNZ2VNfzsfUTf6z
3bbCANSiExxsHKrRlfSGVss6iLhtmqG6yAsVAIHj1Xd1vn0trJBBUgmBcAUhBhfI
sBL7Ow1zDhE0M45Y0N+5Jx/5k7cNPOmZ/GfX2ED+5relMpFiZEyvzUMvI6wa+2tg
4ObvGFqfxPcrBWUYWD0OVc98mE0wU0Y0ktowXSiXx+FrH4s03ieI4BeZNQRXKpz0
Sm+CUEqlQXN8XsoILzMbd6w1Nl4Benc8f6+3lqYMTEUNbhHJ6T8/ZV+Gt2LVJ6KX
u0ZPJKgtc3JjyUZD+jGl78yLQ6urFcqEk4gcPYOfJRWQGCAraubslvebDCBErl42
S7CNws2YYaOIicUgiA6iNqLzjpz+W2hma0iPIZIjjVjtDQ2Fer+YUknpJ4UI54yb
i2mneHkkDBMAa8uETrgG0LJ3r5RYLQIfhvHCQ9VwIiBqmyxrDILmOXhAUgGDnnit
vSIpouaSjrqI5uC9QXR6IccmwjEaxk1xYyNdtWFvg46gRa5Lw8SKvJJC/O5jSZ0i
1JiluOBUjpKC++ehSNsOwiZFn0kj+kK0fJx1LD5AzKH/45Sydgv9PBb29+hnHd+2
2SaHxcXdZAs=
=kJpr
-----END PGP SIGNATURE-----

--- End Message ---