Re: CVE request: sudo TZ issue

["Todd C. Miller" <Todd.Miller () courtesan com>]

On Tue, 10 Feb 2015 13:17:59 +0100, Florian Weimer wrote:

> You also need to ignore a leading : for the absolute path name check,
> to match glibc behavior (and potentially others).
>
> The code in sudo 1.8.12 handles this case correctly, but it's not clear
> from the description above.

I've clarified the description in http://www.sudo.ws/alerts/tz.html

 - todd