diff -Nru sudo-1.8.3p1/debian/changelog sudo-1.8.3p1/debian/changelog
--- sudo-1.8.3p1/debian/changelog 2013-02-27 18:35:03.000000000 +0000
+++ sudo-1.8.3p1/debian/changelog 2014-03-11 11:57:18.000000000 +0000
@@ -1,3 +1,14 @@
+sudo (1.8.3p1-1ubuntu3.6) precise-security; urgency=medium
+
+ * SECURITY UPDATE: security policy bypass when env_reset is disabled
+ - debian/patches/CVE-2014-0106.patch: fix logic inversion in
+ plugins/sudoers/env.c.
+ - CVE-2014-0106
+ * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
+ epoch in init scripts so they are properly invalidated. (LP: #1223297)
+
+ -- Marc Deslauriers Tue, 11 Mar 2014 07:56:53 -0400
+
 sudo (1.8.3p1-1ubuntu3.4) precise-security; urgency=low

 * SECURITY UPDATE: authentication bypass via clock set to epoch
diff -Nru sudo-1.8.3p1/debian/patches/CVE-2014-0106.patch sudo-1.8.3p1/debian/patches/CVE-2014-0106.patch
--- sudo-1.8.3p1/debian/patches/CVE-2014-0106.patch 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.8.3p1/debian/patches/CVE-2014-0106.patch 2014-03-10 17:41:53.000000000 +0000
@@ -0,0 +1,16 @@
+Description: fix security policy bypass when env_reset is disabled
+Origin: upstream, http://www.sudo.ws/repos/sudo/rev/748cefb49422
+
+Index: sudo-1.8.3p1/plugins/sudoers/env.c
+===================================================================
+--- sudo-1.8.3p1.orig/plugins/sudoers/env.c 2014-03-10 13:32:36.000000000 -0400
++++ sudo-1.8.3p1/plugins/sudoers/env.c 2014-03-10 13:40:06.382458163 -0400
+@@ -688,7 +688,7 @@
+ okvar = matches_env_keep(*ep);
+ } else {
+ okvar = matches_env_delete(*ep) == FALSE;
+- if (okvar == FALSE)
++ if (okvar == TRUE)
+ okvar = matches_env_check(*ep) != FALSE;
+ }
+ if (okvar == FALSE) {
diff -Nru sudo-1.8.3p1/debian/patches/series sudo-1.8.3p1/debian/patches/series
--- sudo-1.8.3p1/debian/patches/series 2013-02-27 18:32:12.000000000 +0000
+++ sudo-1.8.3p1/debian/patches/series 2014-03-10 17:39:19.000000000 +0000
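Review bot: The corrected branch `if (okvar == TRUE)` in the embedded env.c hunk still leaves the three-way result of `matches_env_check()` undocumented; the `!= FALSE` comparison on the following line only makes sense if that function can return something other than TRUE or FALSE for a variable that is not on the check list (inferred from the comparison, since the function itself is outside the hunk), and that is the kind of detail that lets an inverted test go unnoticed. I would add a comment above the branch, e.g. `/* env_reset off: drop if in env_delete; survivors are dropped only if they fail env_check */`, and write the condition as `if (okvar)` instead of comparing against TRUE. No regression test is visible in this debdiff; a case with env_reset disabled and a variable that fails env_check would pin the intended behaviour. The enclosing loop starts and ends outside the embedded hunk.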
@@ -7,3 +7,4 @@
 CVE-2012-2337.patch
 pam_env_merge.patch
 CVE-2013-1775.patch
+CVE-2014-0106.patch
diff -Nru sudo-1.8.3p1/debian/sudo-ldap.sudo.init sudo-1.8.3p1/debian/sudo-ldap.sudo.init
--- sudo-1.8.3p1/debian/sudo-ldap.sudo.init 2012-05-23 16:54:10.000000000 +0000
+++ sudo-1.8.3p1/debian/sudo-ldap.sudo.init 2014-03-11 11:56:28.000000000 +0000
@@ -20,7 +20,7 @@
 # make sure privileges don't persist across reboots
 if [ -d /var/lib/sudo ]
 then
- find /var/lib/sudo -exec touch -t 198501010000 '{}' \;
+ find /var/lib/sudo -exec touch -d @0 '{}' \;
 fi
 ;;
 stop|reload|restart|force-reload)
diff -Nru sudo-1.8.3p1/debian/sudo.sudo.init sudo-1.8.3p1/debian/sudo.sudo.init
--- sudo-1.8.3p1/debian/sudo.sudo.init 2012-05-23 16:54:10.000000000 +0000
+++ sudo-1.8.3p1/debian/sudo.sudo.init 2014-03-11 11:56:40.000000000 +0000
@@ -20,7 +20,7 @@
 # make sure privileges don't persist across reboots
 if [ -d /var/lib/sudo ]
 then
- find /var/lib/sudo -exec touch -t 198501010000 '{}' \;
+ find /var/lib/sudo -exec touch -d @0 '{}' \;
 fi
 ;;
 stop|reload|restart|force-reload)
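Review bot: The reset line `find /var/lib/sudo -exec touch -d @0 '{}' \;` in debian/sudo-ldap.sudo.init carries no explanation of why the value must be exactly the epoch, and its exit status is not checked, so a failed touch (for example on a read-only filesystem) would leave old tickets in place without any message. The identical line is changed in debian/sudo.sudo.init, so the remark applies to both scripts. I would extend the existing comment to something like `# epoch (@0) is the timestamp sudo treats as invalidated; see the changelog entry for LP: #1223297`, and consider `-exec touch -d @0 '{}' +` to batch the calls. `-d @0` is GNU date-string syntax, which is worth a word in the comment in case the script is reused with a non-GNU userland. The surrounding case branch starts and ends outside the hunk.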