FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7f7d6412-bae5-11e9-be92-3085a9a95629	doas -- Prevent passing of environment variables Jesse Smith (upstream author of the doas program) reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read (or written to), which resulted in potential security problems. Many thanks to Sander Bos for reporting this issue and explaining how it can be exploited. Discovery 2019-08-03 Entry 2019-08-09 Modified 2019-08-15 doas < 6.1 https://marc.info/?l=openbsd-tech&m=156105665713340&w=2 https://github.com/slicer69/doas/releases/tag/6.1

VuXML ID

Description

7f7d6412-bae5-11e9-be92-3085a9a95629

doas -- Prevent passing of environment variables

Jesse Smith (upstream author of the doas program) reported:

Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read (or written to), which resulted in potential security problems.

Many thanks to Sander Bos for reporting this issue and explaining how it can be exploited.

Discovery 2019-08-03
Entry 2019-08-09
Modified 2019-08-15
doas

< 6.1

https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
https://github.com/slicer69/doas/releases/tag/6.1