Bug 892 – Submitting a (non-critical) sudo security bug

Bug 892 - Submitting a (non-critical) sudo security bug


Summary:	Submitting a (non-critical) sudo security bug

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.27
Hardware:	All All

Importance:	normal security
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-07-26 11:59 MDT by jvennix
Modified:	2019-07-26 12:48 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jvennix 2019-07-26 11:59:58 MDT

I'm a little unsure if this is the right way to submit a security bug for sudo (e.g. will this get opened as Private), so I am submitting this without a description and then will update it once I see the ACLs are correctly set. Sorry for the inconvenience :)

Comment 1 jvennix 2019-07-26 12:01:35 MDT

It appears to be public, glad I checked, oops - how does one submit a private bug to you all? I could not find a mailing list or anything similar.

Comment 2 Todd C. Miller 2019-07-26 12:48:03 MDT

You can send it via email to sudo-bugs@sudo.ws.  If you are especially paranoid you can pgp encrypt it using https://www.sudo.ws/dist/PGPKEYS but since the mail server on sudo.ws uses TLS when possible pgp is usually not necessary.

Comment 3 jvennix 2019-07-26 12:48:46 MDT

Ack, thanks Todd! I will send it over shortly.