It looks like sudo 1.8.12 made it into 15.10 finally. Excellent. Apple went the other route and locked the clock back down. (https://support.apple.com/en-us/HT205031)
The CVE associated with this bug seems to be about the TZ (seen on RedHat's security site: https://access.redhat.com/security/cve/CVE-2014-9680). Apple's CVE is about restricting access to the time settings (http://www.cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2015-3757). I don't think either one really reflects this bug. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3757 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1219337 Title: Users can change the clock without authenticating, allowing them to locally exploit sudo. To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-control-center/+bug/1219337/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
