On 4 Jul 2026 11:04 +0000, Marc Haber wrote: > Control: tag -1 pending > > Hello, > > Bug #1141402 in sudo reported by you has been fixed in the > Git repository and is awaiting an upload. You can see the commit > message below and you can check the diff of the fix at: > > https://salsa.debian.org/sudo-team/sudo/-/commit/92b9d4fae6e1f70645592476c48bd6a92428db1d
>diff --git a/debian/NEWS b/debian/NEWS >index 62db082d5..312ede652 100644 >--- a/debian/NEWS >+++ b/debian/NEWS >@@ -1,3 +1,21 @@ >+sudo (1.9.17p2-7) unstable; urgency=medium >+ >+ Starting with sudo 1.9.17p2-7, the default /etc/sudoers was aligned with This started already with -6. >+ the example file that upstream ships. This was done to reduce the >+ differences between Debian and other distributions. >+ >+ This has removed /usr/local/sbin and /usr/local/bin from the >+ "Defaults secure_path" setting. This may break some local scripts, but >+ also increases security, since on some systems, /usr/local might be >+ writable for non-root users and thus executing programs from there might >+ introduce privilege escalation. >+ >+ If you want to use executables from /usr/local with sudo without giving >+ the explicit path, consider chaning the setting in an /etc/sudoers.d Typo: "changing"? >+ snippet. >+ >+ -- Marc Haber <[email protected]> Sat, 04 Jul 2026 12:57:42 >+0200 >+ > sudo (1.9.17p2-3) unstable; urgency=medium > > Starting with this version, "Defaults mail_badpass" is disabled in the >-- >GitLab

