Launchpad.net

CVE 2015-8239

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

See the CVE page on Mitre.org for more details.