The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| sudo | source | woody | 1.6.6-1.6 | | | |
| sudo | source | sarge | 1.6.8p7-1.4 | | | |
Notes
fixed in testing at time of DSA
The fix for stable and oldstable switched from a black list
of dangerous env vars to a white list of known-to-be-safe env vars
sid's 1.6.8p12 still has the black list (although with the strong
recommendation to use env_reset, which basically does the same),
but 1.7 will have a white list as well