Control: tags -1 + confirmed On Tue, 2017-08-01 at 15:55 +0200, Salvatore Bonaccorso wrote: > sudo in jessie ist still affected by CVE-2017-1000368. The issue IMHo > does not need a DSA, since with the previous fixes due to the /dev > traversal changes the issue was not anymore exploitable. Still it > would make sense IMHO to address it. Attached is the proposed debdiff. Please go ahead. Regards, Adam