Update to address two moderate vulnerabilities

We have been in contact with Marc Schoolderman <email address hidden> from upstream.

Marc Deslauriers <email address hidden> from security has been notified.

The fixes have been released and I am preparing a security SRU.

Here is the preliminary patch for GHSA-c978-wq47-pvvw. Awaiting build success before forwarding to security.

Here is the preliminary patch for GHSA-q428-6v73-fc4q. Awaiting build success before forwarding to security.

Hey Simon, thanks for hopping on this. Security uploads have a few special requirements for changelog entries and should target `questing-security` instead of `questing` [1].

lp-2130623-GHSA-q428-6v73-fc4q.patch looks good to me.

[1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging

I am preparing the questing security upload in the security team PPA now.

This bug was fixed in the package rust-sudo-rs - 0.2.8-1ubuntu5.2

---------------
rust-sudo-rs (0.2.8-1ubuntu5.2) questing-security; urgency=high

  * SECURITY UPDATE: multiple security fixes (LP: #2130623)
    - debian/patches/lp-2130623-GHSA-q428-6v73-fc4q-*.patch
    - debian/patches/lp-2130623-GHSA-c978-wq47-pvvw-*.patch
    - CVE numbers pending

 -- Simon Johnsson <email address hidden> Mon, 10 Nov 2025 16:12:00 +0100

I am making this bug public since the two commits are now in the upstream repo and listed in the changes file.

The attachment "lp-2130623-GHSA-c978-wq47-pvvw.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

FYI, an update for these issues was published for Ubuntu 25.10 on Monday:

https://ubuntu.com/security/notices/USN-7867-1