Publishing details

Changelog

sudo (1.9.11p3-1ubuntu1.3) kinetic-security; urgency=medium

  * SECURITY UPDATE: does not escape control characters
    - debian/patches/CVE-2023-2848x-1.patch: escape control characters in
      log messages and sudoreplay output in docs/sudoers.man.in,
      docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
      docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
      lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
      lib/util/util.exp.in, plugins/sudoers/sudoreplay.c.
    - debian/patches/CVE-2023-2848x-2.patch: fix regression in
      lib/eventlog/eventlog.c.
    - CVE-2023-28486
    - CVE-2023-28487

 -- Marc Deslauriers <email address hidden>  Mon, 03 Apr 2023 13:57:25 -0400

Available diffs

Builds

Package files