Security issues discovered in sudo-rs

(lists.debian.org)

10 points | by kahlonel 2 hours ago

5 comments

  • portmanteaufu 2 hours ago

    To save everyone a click, the text is:

    """ Two security issues were discovered in sudo-rs, a Rust-based implementation of sudo (and su), which could result in the local disclosure of partially typed passwords or an authentication bypass in some targetpw/rootpw configurations.

    For the stable distribution (trixie), this problem has been fixed in version 0.2.5-5+deb13u1.

    We recommend that you upgrade your rust-sudo-rs packages. """

  • wiz21c an hour ago

    As far as I can see, it's just programming errors, nothing to do with Rust.

    • _flux an hour ago

      Everything to do with reimplementing sudo, though.

      But sudo has its share of CVEs as well (latest CVE-2025-32463), so perhaps a fresh look at the tool is warranted; perhaps some learnings have been taken from it.

      • noobermin 13 minutes ago

        I think if Rust was used to replace other bits (say things like utilities like grep or whatever) instead of security-vital things like sudo, there would be fewer complaints.

  • _flux an hour ago

    What were the actual fixes like?