Preview
Open Original
- To: debian-security-announce@lists.debian.org
- Subject: [SECURITY] [DSA 6052-1] rust-sudo-rs security update
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Tue, 11 Nov 2025 19:23:24 +0000
- Message-id: <[🔎] aRONLA2lCwrrVNcF@seger.debian.org>
- Reply-to: debian-security-announce-request@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Adviso...- To: debian-security-announce@lists.debian.org
- Subject: [SECURITY] [DSA 6052-1] rust-sudo-rs security update
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Tue, 11 Nov 2025 19:23:24 +0000
- Message-id: <[🔎] aRONLA2lCwrrVNcF@seger.debian.org>
- Reply-to: debian-security-announce-request@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6052-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 11, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : rust-sudo-rs
CVE ID : not yet available
Two security issues were discovered in sudo-rs, a Rust-based implemention
of sudo (and su), which could result in the local disclosure of partially
typed passwords or an authentication bypass in some targetpw/rootpw
configurations.
For the stable distribution (trixie), this problem has been fixed in
version 0.2.5-5+deb13u1.
We recommend that you upgrade your rust-sudo-rs packages.
For the detailed security status of rust-sudo-rs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rust-sudo-rs
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkTi+AACgkQEMKTtsN8
TjbZOA/6AhtGFZOSecYOHRhclRJuqViqVayIZbKQnV1F1Psi4JDItXxjAofUtzID
gSnk0LGNbsveI0lrbI3F+6P5jc4QSimgGoAdRlwz65yDMGv8uLCQLtVzWGuzJfN2
yTN7ndwb6FIdeBQ0NEbJObsgIj5wePFWwes3pA0dL7/0yd5yqKV3lbVV+jNSJ1Hq
K4NalTRLwdeC6+KeongSzH+9f1zOuzAW8CZwhLzPf2RWqz2Dll2/Y99z04SNx0tI
8bUJDFR7rr5Ie9grDY3YCcne90uE6NTJ/zQ8jdY4edFdL9VBRBQnyPn2vvslhLC0
uJ6Q16VSeXq2rxV01fAisPilJ7oX8e2EvPnS+AZDstswFLvVtu6ST4yAR3AIIHas
cpVxGuaEAET2UlxLXYotz0Z/hvcK8C7p5Axo4x+lTgaIrB6KGEqM5gYOp1kaKoUk
SX/5NgwxVMFqaH/OrfWqpqGDti1d+9utOV2n2fJb1ApiDcQOoaswCZ3/gJU3CGhQ
Bn9DXdjj4MM5gIRqzD/JkOuLeRyzG0jkZ6Q7qpCpyAsvWu0LNkWu/kccsNe6AElV
hg2NbAyeJNNoSqOJxkPXpFJtP2NGe6WxkGviidz2E3dVCXvhr/a27Hgxnt5w/FLs
fRUy3BqiEaHp0McVd9F3yINROvfPI+toIMkxMieN6xtbvUksQcI=
=l5Q7
-----END PGP SIGNATURE-----
Reply to:
- [debian-security-announce@lists.debian.org](mailto:debian-security-announce@lists.debian.org?in-reply-to=aRONLA2lCwrrVNcF@seger.debian.org&subject=Re:%20[SECURITY] [DSA 6052-1] rust-sudo-rs security update)
- [Moritz Muehlenhoff (on-list)](mailto:jmm@debian.org?in-reply-to=aRONLA2lCwrrVNcF@seger.debian.org&subject=Re:%20[SECURITY] [DSA 6052-1] rust-sudo-rs security update&cc=debian-security-announce@lists.debian.org)
- [Moritz Muehlenhoff (off-list)](mailto:jmm@debian.org?in-reply-to=aRONLA2lCwrrVNcF@seger.debian.org&subject=Re:%20[SECURITY] [DSA 6052-1] rust-sudo-rs security update)
-
Prev by Date: [SECURITY] [DSA 6051-1] incus security update
-
Next by Date: [SECURITY] [DSA 6053-1] linux security update
-
Previous by thread: [SECURITY] [DSA 6051-1] incus security update
-
Next by thread: [SECURITY] [DSA 6053-1] linux security update
-
Index(es):