| skipped 46 lines |
47 | 47 | | local sudo |
48 | 48 | | local sudo_version |
49 | 49 | | local v2 |
| 50 | + | local package_version |
| 51 | + | local package_fixed |
| 52 | + | local distro_release |
50 | 53 | | sudo="$(command -v sudo)" |
51 | 54 | | if [ -n "$sudo" ]; then |
52 | 55 | | vulnerable=true |
53 | 56 | | sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)" |
54 | 57 | | v2="$(echo "$sudo_version" | cut -d. -f2)" |
| 58 | + | package_version="$(lse_get_pkg_version sudo)" |
55 | 59 | | # only 1.8.2 to 1.8.31p2 is vulnerable |
56 | 60 | | if lse_is_version_bigger 1.8.2 "$sudo_version"; then |
57 | 61 | | exit 1 |
| skipped 3 lines |
61 | 65 | | fi |
62 | 66 | | # only 1.9.0 to 1.9.5p1 is vulnerable |
63 | 67 | | if lse_is_version_bigger "$sudo_version" 1.9.5p1; then |
| 68 | + | exit 1 |
| 69 | + | fi |
| 70 | + | case "$lse_distro_codename" in |
| 71 | + | ubuntu) |
| 72 | + | [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -f2 -d=) |
| 73 | + | case "$distro_release" in |
| 74 | + | precise) |
| 75 | + | package_fixed="1.8.3p1-1ubuntu3.10" |
| 76 | + | ;; |
| 77 | + | trusty) |
| 78 | + | package_fixed="1.8.9p5-1ubuntu1.5+esm6" |
| 79 | + | ;; |
| 80 | + | xenial) |
| 81 | + | package_fixed="1.8.16-0ubuntu1.10" |
| 82 | + | ;; |
| 83 | + | bionic) |
| 84 | + | package_fixed="1.8.21p2-3ubuntu1.4" |
| 85 | + | ;; |
| 86 | + | focal) |
| 87 | + | package_fixed="1.8.31-1ubuntu1.2" |
| 88 | + | ;; |
| 89 | + | groovy) |
| 90 | + | package_fixed="1.9.1-1ubuntu1.1" |
| 91 | + | ;; |
| 92 | + | esac |
| 93 | + | ;; |
| 94 | + | esac |
| 95 | + | if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then |
64 | 96 | | exit 1 |
65 | 97 | | fi |
66 | 98 | | fi |
| skipped 3 lines |