On Sun, Mar 31, 2024 at 07:00:50PM +0000, Andy Smith wrote: > Hello, > > On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote: > > I just saw this advisory > > Escape sequence injection in util-linux wall (CVE-2024-28085) > > https://seclists.org/fulldisclosure/2024/Mar/35 > > where they're talking about grabbing other users sudo password. > > I note that "write" and "wall" in Debian had setgid removed after this. > > > https://salsa.debian.org/debian/util-linux/-/commit/c4be137b4b09a855713c1f4d052dfee773c4ad3b > > https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog > The fix has also been made to stable and oldstable: https://lists.debian.org/debian-security-announce/2024/msg00058.html
Regards, -Roberto -- Roberto C. Sánchez