Changelog
sudo (1.8.5p2-1+nmu3+deb7u1) wheezy-security; urgency=medium
* Non-maintainer upload
* Fix CVE-2014-9680-{1,2}.patch to edit sudoers.pod, not just the
generated docs
* Disable editing of files via user-controllable symlinks
(Closes: #804149) (CVE-2015-5602)
- sudoedit path restriction bypass using symlinks
- Change warning when user tries to sudoedit a symbolic link
- Open sudoedit files with O_NONBLOCK and fail if they are not regular files
- Remove S_ISREG check from sudo_edit_open(), it is already done in the
caller
- Add directory writability checks for sudoedit
- Fix directory writability checks for sudoedit
- Enable sudoedit directory writability checks by default
-- Ben Hutchings <email address hidden> Tue, 05 Jan 2016 18:48:03 +0000