Vulnerability in main/doas affecting all releases (CVE-2019-25016)
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25016
- https://github.com/Duncaen/OpenDoas/issues/45