Security: r-vdp/sudo-rs

SECURITY.md

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security policy

Do not report security vulnerabilities through public GitHub issues.

Instead, you can report them using our security page. Alternatively, you can also send them by email to security+sudo@tweedegolf.com. You can encrypt your mail using GnuPG if you want. Use the GPG key with fingerprint C2E4 CAC4 B122 25DE 1C3B B1C9 289D 0820 03D0 1E95.

Include as much of the following information as possible:

  • Type of issue (e.g. buffer overflow, privilege escalation, etc.)
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • The Linux distribution affected
  • Step-by-step instructions to reproduce the issue
  • Impact of the issue, including how an attacker might exploit the issue

If you have found a bug that also exists in original sudo (which, although unlikely, means it is a very serious issue), you must also follow the steps at https://www.sudo.ws/security/policy/

Preferred Languages

We prefer to receive reports in English. If necessary, we also understand Spanish, German and Dutch.

Disclosure Policy

Like original sudo, we adhere to the principle of Coordinated Vulnerability Disclosure.

Security Advisories

Security advisories will be published on GitHub and possibly through other channels.

-----BEGIN PGP SIGNATURE-----

iJMEARYIADsWIQTC5MrEsSIl3hw7sckonQggA9AelQUCZOxufR0cc2VjdXJpdHkr c3Vkb0B0d2VlZGVnb2xmLmNvbQAKCRAonQggA9AelYxBAQCXNaMcO9IUr8u4RT8j 6ifxmca+MM9nyobBVdAAPaTwKQEA38XwSrRj/TApoZvDPchq8Weszk6Ke1arNQ/a wZD+KAI= =oRsJ -----END PGP SIGNATURE-----

There aren’t any published security advisories