Sudo 1.9.5 has been released today (January 11): https://www.sudo.ws/stable.html Some issues were detailed here: https://www.openwall.com/lists/oss-security/2021/01/11/2 but there were also others. We should probably just update it. Freeze push pending in Cauldron.
Hi, thanks for reporting this. As there is no maintainer for this package, I added the committers in CC. (Please set the status to 'assigned' if you are working on it.)
Assignee: bugsquad => pkg-bugs
CC: (none) => joequant, mageia, ouaurelien
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. (CVE-2021-23239)

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. (CVE-2021-23240)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23240
https://www.openwall.com/lists/oss-security/2021/01/11/2
https://www.sudo.ws/stable.html
========================

Updated packages in core/updates_testing:
========================

sudo-1.9.5-1.mga7
sudo-devel-1.9.5-1.mga7

from SRPM:
sudo-1.9.5-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
CVE: (none) => CVE-2021-23239, CVE-2021-23240
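The two CVEs in the advisory above belong to the same class of bug: a privileged program performs a path-based check or operation on a file in a directory the unprivileged user controls, and the user swaps that path for a symlink between the check and the use. The following is an added illustration of that class written for this thread; it is not sudo's code and does not reproduce the actual sudo_edit.c or selinux_edit_copy_tfiles logic. It builds a scratch directory, creates a regular file and a symlink standing in for the "swapped" temporary file, and contrasts a stat()-based check (which follows the symlink and cannot tell the two apart) with an open(O_NOFOLLOW)+fstat() check that refuses the symlink outright. The function names and the /tmp/sudoedit-demo-XXXXXX directory name are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based check of the kind a symlink swap defeats: stat() follows
   symlinks, so a symlink planted at `path` looks exactly like the regular
   file it points at. Returns 1 if the resolved target is a regular file. */
int path_check_is_regular(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return 0;
    return S_ISREG(sb.st_mode);
}

/* Descriptor-based alternative: O_NOFOLLOW makes open() fail with ELOOP if
   the final path component is a symlink, and fstat() then checks the object
   we actually opened (regular file, owned by us) rather than a path that can
   change underneath us. Any later chown/chmod should use fchown/fchmod on fd.
   Returns the fd on success, -1 with errno set otherwise. */
int open_temp_nofollow(const char *path)
{
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* ELOOP: path was a symlink */
    struct stat sb;
    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode) || sb.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Demo driver (constructed scenario): creates a temp dir, a regular file and
   a symlink to it (the "swapped" temporary file). Writes the result of the
   path-based check on the symlink into *path_check_symlink (expected 1, i.e.
   fooled) and the errno from the O_NOFOLLOW open into *nofollow_errno
   (expected ELOOP). Returns 1 if the real file still opens normally, 0/-1 on
   error. Cleans up after itself. */
int demo_symlink_swap(int *path_check_symlink, int *nofollow_errno)
{
    char dir[] = "/tmp/sudoedit-demo-XXXXXX";   /* assumed scratch location */
    if (mkdtemp(dir) == NULL)
        return -1;

    char file[PATH_MAX], link[PATH_MAX];
    snprintf(file, sizeof file, "%s/tmpfile", dir);
    snprintf(link, sizeof link, "%s/swapped", dir);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);

    /* The attacker's move: what the program expects to be its temporary
       file is now a symlink to a target of the attacker's choosing. */
    if (symlink(file, link) != 0)
        return -1;

    *path_check_symlink = path_check_is_regular(link);   /* 1: fooled */

    int fd2 = open_temp_nofollow(link);
    *nofollow_errno = (fd2 < 0) ? errno : 0;              /* ELOOP: refused */
    if (fd2 >= 0)
        close(fd2);

    int fd3 = open_temp_nofollow(file);                   /* real file: fine */
    int ok = fd3 >= 0;
    if (fd3 >= 0)
        close(fd3);

    unlink(link);
    unlink(file);
    rmdir(dir);
    return ok;
}
```

The point for anyone reviewing a fix of this shape: the check and the use must refer to the same kernel object, which means opening once with O_NOFOLLOW and then doing every subsequent operation (fstat, fchown, fchmod, read/write) on the descriptor, never re-resolving the path. O_NOFOLLOW only guards the final component, so the directory above it must also not be attacker-controlled (or must be opened first and used via openat()).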
No installation issues. Tested for basic functionality. Ran several commands using sudo, some valid some purposely not valid, all performed as expected. Looks OK. Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => validated_update
Advisory pushed to SVN.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0042.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED