mirror of
https://github.com/novatiq/packages.git
synced 2026-04-29 23:18:42 +01:00
sudo: backport patches for CVE-2021-3156
This security vulnerability is known as Baron Samedit [1] and there is a research by Qualys [2] and they discovered it. Unfortunately or fortunately, there isn't present sudoedit on OpenWrt. Two patches were applied cleanly and the other two required manual intervention. Those were backported from version 1.9.5p2 [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 [2] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit is contained in:
Josef Schlehofer
committed by
Paul Spooren
Paul Spooren
parent
4949dcdc50
commit
bee91a9d88
+1
-1
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=sudo
|
||||
PKG_VERSION:=1.8.28p1
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://www.sudo.ws/dist
|
||||
|
||||
Reference in New Issue
Block a user