-sudo (1.7.2p1-2) UNRELEASED; urgency=low
+sudo (1.7.4p4-1) UNRELEASED; urgency=low
+ * new upstream version, includes fix for flaw in Runas group matching
+ (CVE-2010-2956), closes: #595935
+ * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
+ re-lecturing existing users, and to clean up after ourselves on upgrade,
+ and remove the RAMRUN section from README.Debian since the new state dir
+ should fix the original problem, closes: #585514
+ * deliver README.Debian to both package flavors, closes: #593579
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 11:35:22 -0600
+
+sudo (1.7.2p7-1) unstable; urgency=high
+
+ * new upstream release with security fix for secure path (CVE-2010-1646),
+ closes: #585394
+ * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
+ about whether to give the lecture is preserved across reboots even when
+ RAMRUN is set, closes: #581393
+ * add a note to README.Debian about LDAP needing an entry in
+ /etc/nsswitch.conf, closes: #522065
+ * add a note to README.Debian about how to turn off lectures if using
+ RAMRUN in /etc/default/rcS, closes: #581393
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
+
+sudo (1.7.2p6-1) unstable; urgency=low
+
+ * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
+
+sudo (1.7.2p5-1) unstable; urgency=low
+
+ * new upstream release, closes a bug filed upstream regarding missing man
+ page processing scripts in the 1.7.2p1 tarball, also includes the fix
+ for CVE-2010-0426 previously the subject of a security team nmu
* move to source format 3.0 (quilt) and restructure changes as patches
* fix unprocessed substitution variables in man pages, closes: #557204
* apply patch from Neil Moore to fix Debian-specific content in the
visudo man page, closes: #555013
+ * update descriptions to better explain sudo-ldap, closes: #573108
+ * eliminate spurious 'and' in man page, closes: #571620
+ * fix confusing text in default sudoers, closes: #566607
- -- Bdale Garbee <bdale@gag.com> Fri, 20 Nov 2009 07:31:30 -0700
+ -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
sudo (1.7.2p1-1) unstable; urgency=low