Document sudo CVE-2021-3156.

• When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
• Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.

PR: 253034
Reported by: "Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list

		emaste

Obtained from: sudo