-sudo (1.7.2p6-2) UNRELEASED; urgency=low
+sudo (1.7.2p7-2) UNRELEASED; urgency=low
+ * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
+ re-lecturing existing users, and to clean up after ourselves on upgrade,
+ and remove the RAMRUN section from README.Debian since the new state dir
+ should fix the original problem, closes: #585514
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
+
+sudo (1.7.2p7-1) unstable; urgency=high
+
+ * new upstream release with security fix for secure path (CVE-2010-1646),
+ closes: #585394
+ * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
+ about whether to give the lecture is preserved across reboots even when
+ RAMRUN is set, closes: #581393
* add a note to README.Debian about LDAP needing an entry in
/etc/nsswitch.conf, closes: #522065
+ * add a note to README.Debian about how to turn off lectures if using
+ RAMRUN in /etc/default/rcS, closes: #581393
- -- Bdale Garbee <bdale@gag.com> Wed, 21 Apr 2010 09:26:11 -0600
+ -- Bdale Garbee <bdale@gag.com> Thu, 10 Jun 2010 15:42:14 -0600
sudo (1.7.2p6-1) unstable; urgency=low
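Review bot: The 1.7.2p7-1 item "move timestamps from /var/run/sudo to /var/lib/sudo" explains the move only in terms of the lecture state, and does not say what happens to the timestamps themselves now that they are no longer cleared with /var/run at boot. Please add a line to that item (or to README.Debian) stating how stale timestamps are handled after a reboot, so a reader can tell from the changelog that the persistent directory does not extend how long an earlier authentication is honoured. Two smaller points. The 1.7.2p7-2 and 1.7.2p7-1 trailers carry the identical date "Thu, 10 Jun 2010 15:42:14 -0600", so the -2 trailer should be refreshed when that entry is released. Also, 1.7.2p7-1 closes #581393 twice, once for the move and once for the README.Debian RAMRUN note, and 1.7.2p7-2 then removes that RAMRUN section. If the note never shipped in an upload, consider dropping it from the -1 entry rather than adding and removing it in consecutive entries.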