Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 96BA32231E4
	for <~alpine/devel@lists.alpinelinux.org>; Thu, 16 Mar 2023 11:13:01 +0000 (UTC)
Received: by mail-ed1-x52d.google.com with SMTP id z21so6084919edb.4
        for <~alpine/devel@lists.alpinelinux.org>; Thu, 16 Mar 2023 04:13:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=docker.com; s=google; t=1678965180;
        h=to:date:message-id:subject:mime-version:content-transfer-encoding
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=ABZkXfQBNuctkZHk/8bC90ppGYTAzpVibWzHr0yCE2w=;
        b=R+EZ9RARCNvZ0o0dXoUg6F4A8ybokz9of0G2KwKjMbVEgxsZrE8vOWDMfjgoSjft2D
         +MANpR58oncKHOPCGaq/C9Nnz43Ej+Afm+HSesc44jnQkmRJlMqxlfYISxFxOkrLYI8B
         QMEQqvd+I5AaV+nXYJqK2sYlO5t+f1a678Rig=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1678965180;
        h=to:date:message-id:subject:mime-version:content-transfer-encoding
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=ABZkXfQBNuctkZHk/8bC90ppGYTAzpVibWzHr0yCE2w=;
        b=tt/K2lL1+gmwwVCX0Gl3b52lsyGAn4hfaUO9bHy/SdgiCXWXFYAW3oLYVabXi7QjxD
         yQ/9pvPqsf5+E2R6hds9P8oeG4p0AJilKJMMgYEU/PgdUsuUMpaFf1TwA+ogNjbFq7iL
         DkofO4tvHpAU497oac6ZE2+7qE/mnt6xApQEQkByc2Ke14oUjMNcLKxLtoP0k/YBCXa5
         aI1rU/IriMKIhfdnpjb4uLdVeWNda/aaIU4e4l/ZNKH0rQ7k7u0TaIX8JlYcMER+KjHH
         pd2wpMIsxKqSrQEAO8Rs8lg44VEEfJzzEqnfarG56rtRrs6jSSCaaRWYop0LCF5kE+4B
         q3AQ==
X-Gm-Message-State: AO0yUKVsl6y4GzmSknXxHVXcbI/lhFuygiIapMZBgceoCsUgRjUzzGjM
	jqJPh+3/V7pEV3tRERPdgCAi7DIaPhgUfsGVo3v3NA==
X-Google-Smtp-Source: AK7set+KxMIySBN+xM5dTk597GfFWWq8ct/SP3p847JPQJeqGqrAEyGyv6s9iVUcOPGM4xfon5nPDQ==
X-Received: by 2002:a17:906:f57:b0:92b:c56a:7efe with SMTP id h23-20020a1709060f5700b0092bc56a7efemr8321410ejj.31.1678965179716;
        Thu, 16 Mar 2023 04:12:59 -0700 (PDT)
Received: from smtpclient.apple (p200300c5cf13c0009137231f72e75872.dip0.t-ipconnect.de. [2003:c5:cf13:c000:9137:231f:72e7:5872])
        by smtp.gmail.com with ESMTPSA id z9-20020a170906074900b008eaf99be56esm3749913ejb.170.2023.03.16.04.12.58
        for <~alpine/devel@lists.alpinelinux.org>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 16 Mar 2023 04:12:58 -0700 (PDT)
From: Christian Dupuis <christian.dupuis@docker.com>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Subject: CVE-2021-3156 version number of sudo
Message-Id: <A3BBFD61-8DED-453B-8827-BCD02699C49B@docker.com>
Date: Thu, 16 Mar 2023 12:12:47 +0100
To: ~alpine/devel@lists.alpinelinux.org
X-Mailer: Apple Mail (2.3731.400.51.1.1)

Hi,

is it possible that there=E2=80=99s a typo in the version number =
'1.9.5p2-r0' of =E2=80=98sudo' in CVE-2021-3156? Should the version =
number be '1.9.5_p2-r0=E2=80=99 instead?

Wondering because we are getting some reports and people seem to =
consider the finding a false positive.

Regards,

Christian Dupuis
Docker=