Comment 3 for bug 1223297

This bug was fixed in the package sudo - 1.8.3p1-1ubuntu3.6

---------------
sudo (1.8.3p1-1ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 07:56:53 -0400