Your message dated Wed, 16 Oct 2019 19:50:40 +0000
with message-id <[email protected]>
and subject line Bug#942322: fixed in sudo 1.8.27-1.1
has caused the Debian Bug report #942322,
regarding sudo: CVE-2019-14287: Potential bypass of Runas user restrictions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
942322: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942322
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sudo
Version: 1.8.27-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 1.8.19p1-2.1
Control: fixed -1 1.8.19p1-2.1+deb9u1
Control: fixed -1 1.8.27-1+deb10u1

Hi,

The following vulnerability was published for sudo.

CVE-2019-14287[0]:
Potential bypass of Runas user restrictions

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14287
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
[1] https://www.sudo.ws/alerts/minus_1_uid.html

Please adjust the affected versions in the BTS as needed. It will be
fixed in a DSA for stretch- and buster-security.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.8.27-1.1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 14 Oct 2019 21:10:58 +0200
Source: sudo
Architecture: source
Version: 1.8.27-1.1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 942322
Changes:
 sudo (1.8.27-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
     (Closes: #942322)
   * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
Checksums-Sha1: 
 7d929c2ac7bedd34a8ed1d60cb7367aef3125f5f 2106 sudo_1.8.27-1.1.dsc
 4546c1696e01b9af17f6dd0694d8e58bd81814b2 25672 sudo_1.8.27-1.1.debian.tar.xz
Checksums-Sha256: 
 29541e25ae299b6b2d8ccf0babee15a63b00ff53cba9b061e66bc545962efb53 2106 
sudo_1.8.27-1.1.dsc
 33ad443bb02db64d7c00cb52148650f94061320ac21870dc8c20c385b055c775 25672 
sudo_1.8.27-1.1.debian.tar.xz
Files: 
 a794eae33c67379347b2dea93a654891 2106 admin optional sudo_1.8.27-1.1.dsc
 000bedfd4cbfa42334be85cc45ed9f00 25672 admin optional 
sudo_1.8.27-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2kynpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EmdEP/jeiSU6L21LWhRSibBIBpayeE8nExp3l
8i5VQL/W+JNOxyBVhL4TKOf5khcSFr1zqUhS7zIYzwF+/Pgo0O67VT3i7O+X51Ig
bDz+U0bBkLlXWrmnh4zIRH8XwYdNZJyB483iFcLHAq6xvJLeqql60vecpqu83yEL
SyK7Mt9jlwbtPtX8K3n9PY3Dw2sMS1W3IUxrLAb4ves87oFEKvu4+AWogcmEYusE
qAm18Fr9zkKdmnYI5mmrbF7Y1fu6ycnMFeXTZRfQFQDvgX5jGddLrTWEpPYsGfe/
yBhZRD28FIeeuSJ1BhXVeKNR4T0upaN+XEIQtQX62SickFUzXCYgQxsifClUw+mT
z2XdCgiOcgUiKearsPt1yjciyKWnEeYkG75YCJPU5Nyo3lvkpZwBbZiT7X7RnxK6
16TJR1QniRFz+ZHK2pJpKJFmAqlsSEXgK6yq0rEd+HrWVMuVdpb5IWcLMMvuVBJL
nbiphQaSuhVdjnnB1IQnuvn4O2D6zCHyR1hNVfNP+ysde1vEJKbNu5kgY5lo3kRt
Mx90yiV/WeRib0ouj4K8PwMBsMH/2SJDNLMO2aKvJm2gOMEmhYG4j4XqlB0pqqPm
xXfyjoudMDaB4+Y6jv0DNSctIy/6x8BlPnnCbmJvXyMSn2TnrXr0gwnJpGLzZUuj
BgAPljnOfdYG
=WDqI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to