[ubuntu/kinetic-security] sudo 1.9.11p3-1ubuntu1.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Apr 11 14:08:29 UTC 2023
sudo (1.9.11p3-1ubuntu1.3) kinetic-security; urgency=medium
* SECURITY UPDATE: does not escape control characters
- debian/patches/CVE-2023-2848x-1.patch: escape control characters in
log messages and sudoreplay output in docs/sudoers.man.in,
docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
- debian/patches/CVE-2023-2848x-2.patch: fix regression in
lib/eventlog/eventlog.c.
- CVE-2023-28486
- CVE-2023-28487
Date: 2023-04-04 13:24:14.359084+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/sudo/1.9.11p3-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list