Package: sudo
Version: 1.8.29-1
Severity: normal 

Dear Maintainer,


The current versions of sudo in current Debian releases are impacted by the 
vulnerability described below:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
https://seclists.org/oss-sec/2020/q1/48

Fortunately, pwfeedback is disabled by default under Debian.

pwfeedback can be enabled through /etc/sudoers:
https://www.tekbyte.net/2019/how-to-show-feedback-while-typing-sudo-password-in-linux/

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I kept pwfeedback off.
sudo >= 1.8.31 is supposed to solve the problem.

Best regards

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sudo depends on:
ii  libaudit1       1:2.8.5-2+b1
ii  libc6           2.29-9
ii  libpam-modules  1.3.1-5
ii  libpam0g        1.3.1-5
ii  libselinux1     3.0-1
ii  lsb-base        11.1.0

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission non accordée: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission non accordée: '/etc/sudoers.d/README'

-- no debconf information
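
A local check for the two conditions this report names (sudo older than 1.8.31, and pwfeedback enabled in sudoers), as an added example that is not part of the original report. The function names and the sample sudoers content are constructed for illustration, and scoped `Defaults` entries are treated like global ones.

```shell
#!/bin/sh
# Added example (not from the report). All names here are hypothetical.

# Return 0 if the upstream part of VERSION is >= 1.8.31, the release the
# report names as fixed. Distribution packages may carry a backported fix
# under an older number, so confirm against the distribution's tracker.
version_is_fixed() {
    v=${1%%-*}          # drop Debian revision: 1.8.29-1 -> 1.8.29
    v=${v%%[a-z]*}      # drop patch suffix:    1.8.25p1 -> 1.8.25
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ne 1 ]; then [ "$major" -gt 1 ]; return; fi
    if [ "$minor" -ne 8 ]; then [ "$minor" -gt 8 ]; return; fi
    [ "$patch" -ge 31 ]
}

# Print "on" or "off" for pwfeedback. Reads sudoers-format files given as
# arguments (or stdin); the last Defaults entry naming the flag wins.
# Include directives are not followed: pass /etc/sudoers.d/* explicitly.
pwfeedback_state() {
    awk '
        /^[ \t]*#/ { next }                       # whole-line comments
        /^[ \t]*Defaults/ {
            line = $0
            sub(/[ \t]*#.*/, "", line)            # trailing comment
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "pwfeedback")  state = "on"
                if (o == "!pwfeedback") state = "off"
            }
        }
        END { print (state == "" ? "off" : state) }   # off unless set
    ' "$@"
}

# usage: exposed VERSION [SUDOERS_FILE...]; returns 0 if both conditions hold
exposed() {
    ver=$1; shift
    version_is_fixed "$ver" && return 1
    [ "$(pwfeedback_state "$@")" = on ]
}

sample_sudoers() {      # constructed sample, not taken from a real host
    printf '%s\n' '# constructed sudoers' 'Defaults  env_reset' \
        'Defaults  mail_badpass, pwfeedback  # echo * while typing' \
        'root  ALL=(ALL:ALL) ALL'
}
if sample_sudoers | exposed 1.8.29-1; then echo exposed; else echo "not exposed"; fi
```

On a Debian host, run it as root with the installed version, for example `exposed "$(dpkg-query -W -f='${Version}' sudo)" /etc/sudoers /etc/sudoers.d/*`.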
