-sudo (1.7.2p2-1) UNRELEASED; urgency=low
+sudo (1.7.2p5-1) UNRELEASED; urgency=low
- * new upstream release, closes a bug filed upstream regarding missing
- man page processing scripts in the 1.7.2p1 tarball
+ * new upstream release, closes a bug filed upstream regarding missing man
+ page processing scripts in the 1.7.2p1 tarball, also includes the fix
+ for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
* update descriptions to better explain sudo-ldap, closes: #573108
+ * eliminate spurious 'and' in man page, closes: #571620
- -- Bdale Garbee <bdale@gag.com> Mon, 07 Dec 2009 16:58:36 +0100
+ -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 11:54:23 -0700
sudo (1.7.2p1-1) unstable; urgency=low
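Review bot: the security team NMU named in the new CVE-2010-0426 bullet has no changelog entry of its own here; the context line after the signature goes straight to `sudo (1.7.2p1-1) unstable`. Merge the NMU's entry in below this one, or name its version in the bullet, so the package history shows which upload first carried the fix. It is also worth saying explicitly in the bullet that the fix already shipped through the NMU, since that is the only thing justifying `urgency=low` on an entry that names a CVE.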
privileges to users and log root activity. The basic philosophy is to give
as few privileges as possible but still allow people to get their work done.
.
- This version is built with LDAP support, which allows the sudoers database
- to be distributed via LDAP. Authentication is still performed via pam.
+ This version is built with LDAP support, which allows an equivalent of the
+ sudoers database to be distributed via LDAP. Authentication is still
+ performed via pam.
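Review bot: in the last added sentence `pam` should be written `PAM`, matching `LDAP` two lines above it. The new phrase "an equivalent of the sudoers database" is also vague for a package description: it does not say whether the local sudoers file is still consulted alongside the LDAP data, and one clause stating that would help an administrator choosing between the two packages.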
If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users
from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something
like \f(CW"sudo sudo /bin/sh"\fR. Note, however, that turning off \fIroot_sudo\fR
-will also prevent root and from running \fBsudoedit\fR.
+will also prevent root from running \fBsudoedit\fR.
Disabling \fIroot_sudo\fR provides no real additional security; it
exists purely for historical reasons.
This flag is \fI@root_sudo@\fR by default.
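Review bot: the removed "and" is fixed directly in roff that still carries the `@root_sudo@` substitution and `\*(L"` / `\*(R"` quoting, which looks like generated man page output rather than the source it is built from. If the page is regenerated during the build, apply the same one-word fix to the source document as well, otherwise the typo will return on the next regeneration, and forward it upstream so the patch can be dropped later.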