7 comments

[ 2.5 ms ] story [ 31.1 ms ] thread
To save everyone a click, the text is:

""" Two security issues were discovered in sudo-rs, a Rust-based implemention of sudo (and su), which could result in the local disclosure of partially typed passwords or an authentication bypass in some targetpw/rootpw configurations.

For the stable distribution (trixie), this problem has been fixed in version 0.2.5-5+deb13u1.

We recommend that you upgrade your rust-sudo-rs packages. """

as far as i can see, it's just programming errors, nothing to do with rust.
Same could be said about many of the real sudo bugs, but that argument doesn't stick with rust fanboys.

(Obligatory disclaimer: I love rust, I hate fanboys and rewrites)

What were the actual fixes like?
(comment deleted)
(comment deleted)