This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer . * Do not re-enable the reader when flushing the buffers as part of pty_finish .