+sudo (1.7.2p7-1) UNRELEASED; urgency=high
+
+ * new upstream release with security fix for secure path (CVE-2010-1646),
+ closes: #585394
+ * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
+ about whether to give the lecture is preserved across reboots even when
+ RAMRUN is set, closes: #581393
+ * add a note to README.Debian about LDAP needing an entry in
+ /etc/nsswitch.conf, closes: #522065
+ * add a note to README.Debian about how to turn off lectures if using
+ RAMRUN in /etc/default/rcS, closes: #581393
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
+
+sudo (1.7.2p6-1) unstable; urgency=low
+
+ * new upstream version fixing CVE-2010-1163, closes: #578275, #570737
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 19 Apr 2010 10:45:47 -0600
+
+sudo (1.7.2p5-1) unstable; urgency=low
+
+ * new upstream release, closes a bug filed upstream regarding missing man
+ page processing scripts in the 1.7.2p1 tarball, also includes the fix
+ for CVE-2010-0426 previously the subject of a security team nmu
+ * move to source format 3.0 (quilt) and restructure changes as patches
+ * fix unprocessed substitution variables in man pages, closes: #557204
+ * apply patch from Neil Moore to fix Debian-specific content in the
+ visudo man page, closes: #555013
+ * update descriptions to better explain sudo-ldap, closes: #573108
+ * eliminate spurious 'and' in man page, closes: #571620
+ * fix confusing text in default sudoers, closes: #566607
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 11 Mar 2010 15:44:53 -0700
+
+sudo (1.7.2p1-1) unstable; urgency=low
+
+ * new upstream version
+ * add support for /etc/sudoers.d using #includedir in default sudoers,
+ which I think is also a good solution to the request for a crontab-like
+ API requested in March of 2001, closes: #539994, #271813, #89743
+ * move init.d script from using rcS.d to rc[0-6].d, closes: #542924
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 31 Aug 2009 14:09:32 -0600
+
+sudo (1.7.2-2) unstable; urgency=low
+
+ * further improve initial sudoers to not include the NOPASSWD option on
+ the group sudo exception, closes: #539136, #198991
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 29 Jul 2009 16:21:04 +0200
+
+sudo (1.7.2-1) unstable; urgency=low
+
+ * new upstream version, closes: #537103
+ * improve initial sudoers by having the exemption for users in group
+ sudo on by default, and including the ability to run any command as
+ any user. This makes the default install roughly equivalent to our
+ old use of the --with-exempt=sudo build option, closes: #536220, #536222
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 15 Jul 2009 01:29:46 -0600
+
+sudo (1.7.0-1) unstable; urgency=low
+
+ * new upstream version, closes: #510179, #128268, #520274, #508514
+ * fix ldap config file path for sudo-ldap package, including creating
+ a symlink in postinst and cleaning it up in postrm for the sudo-ldap
+ package, closes: #430826
+ * fix NOPASSWD entry location in default config file for the sudo-ldap
+ instance too, closes: #479616
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 28 Mar 2009 15:15:01 -0600
+
+sudo (1.6.9p17-2) unstable; urgency=high
+
+ * patch from upstream to fix privilege escalation with certain
+ configurations, CVE-2009-0034
+ * typo in sudoers man page, closes: #507163
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 27 Jan 2009 11:49:02 -0700
+
+sudo (1.6.9p17-1) unstable; urgency=low
+
+ * new upstream version, closes: #481008
+ * deliver schemas to doc directory in sudo-ldap package, closes: #474331
+ * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost
+ in move from CVS to git for package management, closes: #475821
+ * re-instate the init.d for the sudo-ldap package too... /o\
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 06 Jul 2008 01:16:31 -0600
+
+sudo (1.6.9p15-2) unstable; urgency=low
+
+ * revert the fix for 388659 such that visudo once again defaults to using
+ /usr/bin/editor. I was always ambivalent about this change, it has caused
+ more confusion and frustration than it cured, and I find Justin's line of
+ reasoning persuasive. Update the man page source to reflect this choice
+ and the related use of --with-env-editor. Closes: #474197.
+ * patch from Petter Reinholdtsen to improve init.d, closes: #475821
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
+
+sudo (1.6.9p15-1) unstable; urgency=low
+
+ * new upstream version, closes: #467126, #473337
+ * remove pointless postrm scripts, leaving debhelper do its thing if needed,
+ thanks to Justin Pryzby for pointing this out
+ * reinstate the init.d, since bootclean doesn't quite do what we want. This
+ also means we don't need the preinst scripts any more. Update the lintian
+ overrides since postinst is a Perl script lintian apparently isn't parsing
+ well. closes: #330868
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
+
sudo (1.6.9p12-1) unstable; urgency=low
* new upstream version, closes: #464890