Package: sudo
Version: 1.7.4p4-2.squeeze.4
Severity: critical
Tags: upstream security
Justification: root security hole

Hi,

Apparently a security issue has been disclosed (CVE-2015-5602) allowing users to open files with sudoedit that they are not supposed to, using symlinks, see: https://www.exploit-db.com/exploits/37710/

Upstream has released a new fixed version by not following the symlinks by default. But according to this comment[0], this is not fixing the issue completely.

Cheers,
Laurent Bigonville

[0] https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781/comments/1