The fix for CVE-2017-1000367 was incomplete. While it prevents the privilege escalation, it is still possible to trick sudo into writing to other user's terminals.
See update at
=app-admin/sudo-1.8.20_p2 is already in the tree, but not yet stabilized. Can we start stabilizing
Author: Lars Wendler <email@example.com>
Date: Sat Jun 3 13:38:09 2017
app-admin/sudo: Version 1.8.20_p2 stable for all arches (bug #620482).
Fast stabilizing as this is a followup bug of CVE-2017-1000367.
Package-Manager: Portage-2.3.6, Repoman-2.3.2
CVE is CVE-2017-1000368
GLSA Request filled.
@Maintainers just to confirm if CVE-2017-1000368 is totally fixed.
Gentoo Security Padawan
This issue was resolved and addressed in
GLSA 201710-04 at https://security.gentoo.org/glsa/201710-04
by GLSA coordinator Aaron Bauman (b-man).