[sudo-users] No more security fixes for sudo 1.8.x?
Todd C. Miller
Todd.Miller at sudo.ws
Thu Feb 4 07:53:41 MST 2021
On Thu, 04 Feb 2021 15:36:46 +0100, Colin Finck wrote:
> With CVE-2021-3156, CVE-2021-23239, and CVE-2021-23240, there have been
> three critical security issues lately, which are fixed in the latest
> sudo 1.9.5p2 release, but also affect sudo 1.8.31p2 as far as I know.
>
> Some Linux distros like Ubuntu that are on the 1.8.x branch have already
> backported the fix themselves, but others (like Yocto/OpenEmbedded)
> still seem to be waiting for an official fix for the 1.8 branch.
The short answer is nobody has asked yet. I actually do have a
backport of those fixes to the 1.8 branch, I just need to find the
time to validate them.
- todd
More information about the sudo-users
mailing list