diff -Nru sudo-1.8.5p2/debian/changelog sudo-1.8.5p2/debian/changelog
--- sudo-1.8.5p2/debian/changelog	2012-06-28 14:06:35.000000000 -0400
+++ sudo-1.8.5p2/debian/changelog	2013-03-01 00:18:08.000000000 -0500
@@ -1,3 +1,13 @@
+sudo (1.8.5p2-1+nmu1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix cve-2013-1775: authentication bypass when the clock is set to the UNIX
+    epoch [00:00:00 UTC on 1 January 1970] (closes: #701838).
+  * Fix cve-2013-1776: session id hijacking from another authorized tty
+    (closes: #701839).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Fri, 01 Mar 2013 03:26:37 +0000
+
 sudo (1.8.5p2-1) unstable; urgency=low
 
   * new upstream version
diff -Nru sudo-1.8.5p2/debian/patches/cve-2013-1775.patch sudo-1.8.5p2/debian/patches/cve-2013-1775.patch
--- sudo-1.8.5p2/debian/patches/cve-2013-1775.patch	1969-12-31 19:00:00.000000000 -0500
+++ sudo-1.8.5p2/debian/patches/cve-2013-1775.patch	2013-03-01 00:17:58.000000000 -0500
@@ -0,0 +1,73 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1361821780 18000
+# Node ID ebd6cc75020f0f154ef4cfcc1fd5cecec33fd67c
+# Parent  049a12a5cc14ccc9ae5d02282e5b30b8f5ba2854
+Completely ignore time stamp file if it is set to the epoch,
+regardless of what gettimeofday() returns.
+
+Index: sudo-1.8.5p2/plugins/sudoers/check.c
+===================================================================
+--- sudo-1.8.5p2.orig/plugins/sudoers/check.c	2013-02-28 22:25:52.105846093 -0500
++++ sudo-1.8.5p2/plugins/sudoers/check.c	2013-02-28 22:25:52.101846093 -0500
+@@ -620,31 +620,34 @@
+      */
+     if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
+ 	mtim_get(&sb, &mtime);
+-	/* Negative timeouts only expire manually (sudo -k). */
+-	if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
+-	    status = TS_CURRENT;
+-	else {
+-	    now = time(NULL);
+-	    if (def_timestamp_timeout &&
+-		now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+-		/*
+-		 * Check for bogus time on the stampfile.  The clock may
+-		 * have been set back or someone could be trying to spoof us.
+-		 */
+-		if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+-		    time_t tv_sec = (time_t)mtime.tv_sec;
+-		    log_error(0,
+-			_("timestamp too far in the future: %20.20s"),
+-			4 + ctime(&tv_sec));
+-		    if (timestampfile)
+-			(void) unlink(timestampfile);
+-		    else
+-			(void) rmdir(timestampdir);
+-		    status = TS_MISSING;
+-		} else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
+-		    status = TS_OLD;
+-		} else {
+-		    status = TS_CURRENT;
++	if (timevalisset(&mtime)) {
++	    /* Negative timeouts only expire manually (sudo -k). */
++	    if (def_timestamp_timeout < 0) {
++		status = TS_CURRENT;
++	    } else {
++		now = time(NULL);
++		if (def_timestamp_timeout &&
++		    now - mtime.tv_sec < 60 * def_timestamp_timeout) {
++		    /*
++		     * Check for bogus time on the stampfile.  The clock may
++		     * have been set back or user could be trying to spoof us.
++		     */
++		    if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
++			time_t tv_sec = (time_t)mtime.tv_sec;
++			log_error(0,
++			    _("timestamp too far in the future: %20.20s"),
++			    4 + ctime(&tv_sec));
++			if (timestampfile)
++			    (void) unlink(timestampfile);
++			else
++			    (void) rmdir(timestampdir);
++			status = TS_MISSING;
++		    } else if (get_boottime(&boottime) &&
++			timevalcmp(&mtime, &boottime, <)) {
++			status = TS_OLD;
++		    } else {
++			status = TS_CURRENT;
++		    }
+ 		}
+ 	    }
+ 	}
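Review bot: The new `if (timevalisset(&mtime))` guard is the whole of the fix, yet it carries no comment saying why a zero mtime must never be accepted. A line such as `/* A time stamp set to the epoch is never valid, whatever the clock says (presumably the value a reset ticket carries). */` above the guard would keep a later refactor from folding it back into the timeout arithmetic. Separately, in the "too far in the future" branch, `4 + ctime(&tv_sec)` is handed to `%20.20s` unchecked. ctime() may return NULL for a time value it cannot represent, so the result should be tested before the offset is added. The enclosing function begins and ends outside this hunk.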
diff -Nru sudo-1.8.5p2/debian/patches/cve-2013-1776.patch sudo-1.8.5p2/debian/patches/cve-2013-1776.patch
--- sudo-1.8.5p2/debian/patches/cve-2013-1776.patch	1969-12-31 19:00:00.000000000 -0500
+++ sudo-1.8.5p2/debian/patches/cve-2013-1776.patch	2013-03-01 00:17:58.000000000 -0500
@@ -0,0 +1,75 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1361821758 18000
+# Node ID 049a12a5cc14ccc9ae5d02282e5b30b8f5ba2854
+# Parent  3334bc8721112830eddadc334a5417ff6b428cce
+Store the session ID in the tty ticket file too.  A tty may only
+be in one session at a time so if the session ID doesn't match we
+ignore the ticket.
+
+Index: sudo-1.8.5p2/plugins/sudoers/check.c
+===================================================================
+--- sudo-1.8.5p2.orig/plugins/sudoers/check.c	2013-02-28 22:48:59.037834126 -0500
++++ sudo-1.8.5p2/plugins/sudoers/check.c	2013-02-28 22:48:59.033834126 -0500
+@@ -82,6 +82,7 @@
+     dev_t rdev;			/* tty device ID */
+     ino_t ino;			/* tty inode number */
+     struct timeval ctime;	/* tty inode change time */
++    pid_t sid;			/* ID of session with controlling tty */
+ } tty_info;
+ 
+ static int   build_timestamp(char **, char **);
+@@ -135,13 +136,14 @@
+     if (!need_pass)
+ 	goto done;
+ 
+-    /* Stash the tty's ctime for tty ticket comparison. */
++    /* Stash the tty's device, session ID and ctime for ticket comparison. */
+     if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
+ 	tty_info.dev = sb.st_dev;
+ 	tty_info.ino = sb.st_ino;
+ 	tty_info.rdev = sb.st_rdev;
+ 	if (tty_is_devpts(user_ttypath))
+ 	    ctim_get(&sb, &tty_info.ctime);
++	tty_info.sid = user_sid;
+     }
+ 
+     if (build_timestamp(&timestampdir, &timestampfile) == -1) {
+Index: sudo-1.8.5p2/plugins/sudoers/sudoers.c
+===================================================================
+--- sudo-1.8.5p2.orig/plugins/sudoers/sudoers.c	2013-02-28 22:48:59.037834126 -0500
++++ sudo-1.8.5p2/plugins/sudoers/sudoers.c	2013-02-28 22:48:59.033834126 -0500
+@@ -1398,6 +1398,10 @@
+ 	    sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
+ 	    continue;
+ 	}
++	if (MATCHES(*cur, "sid=")) {
++	    sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
++	    continue;
++	}
+     }
+     if (user_cwd == NULL)
+ 	user_cwd = "unknown";
+Index: sudo-1.8.5p2/plugins/sudoers/sudoers.h
+===================================================================
+--- sudo-1.8.5p2.orig/plugins/sudoers/sudoers.h	2013-02-28 22:48:59.037834126 -0500
++++ sudo-1.8.5p2/plugins/sudoers/sudoers.h	2013-02-28 22:48:59.033834126 -0500
+@@ -88,6 +88,7 @@
+     int   cols;
+     uid_t uid;
+     uid_t gid;
++    pid_t sid;
+ };
+ 
+ /*
+@@ -155,8 +156,8 @@
+ #define user_name		(sudo_user.name)
+ #define user_uid		(sudo_user.uid)
+ #define user_gid		(sudo_user.gid)
++#define user_sid		(sudo_user.sid)
+ #define user_passwd		(sudo_user.pw->pw_passwd)
+-#define user_uuid		(sudo_user.uuid)
+ #define user_dir		(sudo_user.pw->pw_dir)
+ #define user_group_list		(sudo_user.group_list)
+ #define user_tty		(sudo_user.tty)
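Review bot: The new `sid=` branch in sudoers.c parses the session ID with `atoi()`, which returns 0 for non-numeric text and has undefined behaviour on overflow, so a malformed value silently becomes the session ID that check.c then stashes in `tty_info.sid`. Since this field now helps decide whether a ticket is honoured, parse it with `strtol()` and accept only a complete, positive, in-range number, as sketched below. What to do with a bad value (skip it, as here, or fail) depends on conventions not visible in the hunk. The comparison that actually consumes `tty_info.sid` is also outside these hunks, so it is worth confirming that the stored structure is compared in full. The surrounding functions start and end outside the hunks.

```c
	if (MATCHES(*cur, "sid=")) {
	    const char *val = *cur + sizeof("sid=") - 1;
	    char *ep;
	    long lval;

	    errno = 0;
	    lval = strtol(val, &ep, 10);
	    /* Accept only a complete, positive, in-range decimal session ID. */
	    if (ep != val && *ep == '\0' && errno != ERANGE &&
		lval > 0 && lval == (long)(pid_t)lval)
		sudo_user.sid = (pid_t)lval;
	    continue;
	}
	/* … unchanged: remainder of the settings loop … */
```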
diff -Nru sudo-1.8.5p2/debian/patches/series sudo-1.8.5p2/debian/patches/series
--- sudo-1.8.5p2/debian/patches/series	2012-06-28 14:06:35.000000000 -0400
+++ sudo-1.8.5p2/debian/patches/series	2013-03-01 00:18:04.000000000 -0500
@@ -1,3 +1,5 @@
 typo-in-classic-insults.diff
 paths-in-samples.diff
 actually-use-buildflags.diff
+cve-2013-1775.patch
+cve-2013-1776.patch
