Package: sudo Version: 1.9.13p3-1 Severity: important X-Debbugs-Cc: [email protected] User: [email protected] Usertags: amd64 User: [email protected] Usertags: i386
Hi, this bug only affects bookworm, and only i386 systems running on one of those not-so-quite-i686 CPUs that unfortunately incudes the rather common AMD Geode. There was discussion with the ctte (#1113774) and their advice was to enable the offending hardening option (Intel CET which hides itself behind -fcf-protection) on AMD64 only. This will probably also fix #1004894. Bookworm is the last Debian release that supports i386 as a full architecture. It is therefore expected that this sudo version is going to be used on i386 systems for a long time. On current systems, i386 is likely to be used in containers and chroots and multiarch setups only, so using an amd64 sudo on such systems is advised. Independe of an upstream fix that is on the way, there is no update for trixie and newer necessary for this reason. The patch was submitted by Marcos Del Sol Vives. I verified that the patched package built on bookworm delivers a byte identical package on amd64 and a different one on i386. I did not do any further testing. Greetings Marc
