Checking some CVEs here at my work, I found that the GLSA 201705-15 is checking for one version of the sudo package, that doesn't have the full fix for the problem! https://www.sudo.ws/alerts/linux_tty.html Sudo versions affected: Sudo 1.7.10 through 1.7.10p9 inclusive and Sudo 1.8.5 through 1.8.20p1 inclusive. The fix present in sudo 1.8.20p1 was incomplete. GSLA: "Unaffected versions >= 1.8.20_p1" "
https://security.gentoo.org/glsa/201705-15
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a1ab9225f014c12703d38a47822edddfddb007ce commit a1ab9225f014c12703d38a47822edddfddb007ce Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2017-10-07 14:25:15 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2017-10-07 14:25:15 +0000 Fix GLSA-201705-15 Closes: https://bugs.gentoo.org/633704 glsa-201705-15.xml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-)
Sorry for ignoring you comment https://bugs.gentoo.org/620182#c5 and thank you for your tenacity.
Reverted, https://gitweb.gentoo.org/data/glsa.git/commit/?id=28cc4b75c6ed98b149f306c8a61e2f27c973a628
(In reply to Thomas Deutschmann from comment #3) > Sorry for ignoring you comment https://bugs.gentoo.org/620182#c5 and thank > you for your tenacity. No problem! I'm glad to help! Tks!
