Control: tags -1 fixed-upstream
X-Debbugs-Cc: s...@packages.debian.org

It has already been resolved by upstream. Sudo before 1.9.13p2 has a double free in the per-command chroot feature. This issue does not affect bullseye (see https://security-tracker.debian.org/tracker/CVE-2023-27320). Just testing/sid.

References
https://nvd.nist.gov/vuln/detail/CVE-2023-27320
https://www.openwall.com/lists/oss-security/2023/02/28/1
https://www.sudo.ws/releases/stable/#1.9.13p2
http://www.openwall.com/lists/oss-security/2023/03/01/8
https://lists.fedoraproject.org/archives/list/package-annou...@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/
https://github.com/balabit-deps/balabit-os-9-sudo/commit/9f3e3c41c96aab9e688cb11ced1d07f115ea8b4f.diff
https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9.diff
https://security-tracker.debian.org/tracker/CVE-2023-27320

Thanks!

--
Cheers,
Leandro Cunha