-sudo (1.7.4-1) UNRELEASED; urgency=low
+sudo (1.7.4p4-1) UNRELEASED; urgency=low
- * new upstream version
+ * new upstream version, includes fix for flaw in Runas group matching
+ (CVE-2010-2956), closes: #595935
* handle transition of /var/run/sudo to /var/lib/sudo better, to avoid
re-lecturing existing users, and to clean up after ourselves on upgrade,
and remove the RAMRUN section from README.Debian since the new state dir
should fix the original problem, closes: #585514
- -- Bdale Garbee <bdale@gag.com> Mon, 02 Aug 2010 23:26:50 -0400
+ -- Bdale Garbee <bdale@gag.com> Tue, 07 Sep 2010 10:11:02 -0600
sudo (1.7.2p7-1) unstable; urgency=high