This patch will upgrade Sudo version 1.8.3 patchlevel 1 to Sudo version 1.8.3 patchlevel 2. To apply: $ cd sudo-1.8.3p1 $ patch -p1 < sudo-1.8.3p2.patch
diff -urNa sudo-1.8.3p1/ChangeLog sudo-1.8.3p2/ChangeLog
--- sudo-1.8.3p1/ChangeLog Tue Oct 25 15:15:38 2011
+++ sudo-1.8.3p2/ChangeLog Tue Jan 24 14:33:44 2012
@@ -1,3 +1,9 @@
+2012-01-24 Todd C. Miller
+
+ * Fixed a format string vulnerability when the sudo binary (or a
+ symbolic link to the sudo binary) contains printf format escapes
+ and the -D (debugging) flag is used.
+
 2011-10-25 Todd C. Miller
 * plugins/sudoers/Makefile.in:
diff -urNa sudo-1.8.3p1/NEWS sudo-1.8.3p2/NEWS
--- sudo-1.8.3p1/NEWS Tue Oct 25 14:58:26 2011
+++ sudo-1.8.3p2/NEWS Tue Jan 24 14:33:06 2012
@@ -1,3 +1,9 @@
+What's new in Sudo 1.8.3p2?
+
+ * Fixed a format string vulnerability when the sudo binary (or a
+ symbolic link to the sudo binary) contains printf format escapes
+ and the -D (debugging) flag is used.
+
 What's new in Sudo 1.8.3p1?
 * Fixed a crash in the monitor process on Solaris when NOPASSWD
diff -urNa sudo-1.8.3p1/configure sudo-1.8.3p2/configure
--- sudo-1.8.3p1/configure Tue Oct 25 10:11:54 2011
+++ sudo-1.8.3p2/configure Tue Jan 24 14:34:13 2012
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.8.3p1. +# Generated by GNU Autoconf 2.68 for sudo 1.8.3p2. # # Report bugs to . #
@@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.3p1' -PACKAGE_STRING='sudo 1.8.3p1' +PACKAGE_VERSION='1.8.3p2' +PACKAGE_STRING='sudo 1.8.3p2' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL=''
@@ -1446,7 +1446,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.3p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.3p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1511,7 +1511,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.3p1:";; + short | recursive ) echo "Configuration of sudo 1.8.3p2:";; esac cat <<\_ACEOF
@@ -1728,7 +1728,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.3p1 +sudo configure 1.8.3p2 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2432,7 +2432,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.3p1, which was +It was created by sudo $as_me 1.8.3p2, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@
@@ -20615,7 +20615,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.3p1, which was +This file was extended by sudo $as_me 1.8.3p2, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES
@@ -20681,7 +20681,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.3p1 +sudo config.status 1.8.3p2 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"
diff -urNa sudo-1.8.3p1/configure.in sudo-1.8.3p2/configure.in
--- sudo-1.8.3p1/configure.in Tue Oct 25 10:11:40 2011
+++ sudo-1.8.3p2/configure.in Tue Jan 24 14:34:10 2012
@@ -3,7 +3,7 @@
 dnl
 dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller
 dnl
-AC_INIT([sudo], [1.8.3p1], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.3p2], [http://www.sudo.ws/bugs/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 dnl
 dnl Note: this must come after AC_INIT
diff -urNa sudo-1.8.3p1/src/sudo.c sudo-1.8.3p2/src/sudo.c
--- sudo-1.8.3p1/src/sudo.c Fri Oct 21 09:01:26 2011
+++ sudo-1.8.3p2/src/sudo.c Tue Jan 24 15:59:03 2012
@@ -1208,15 +1208,15 @@
 sudo_debug(int level, const char *fmt, ...)
 {
 va_list ap;
- char *fmt2;
+ char *buf;
 if (level > debug_level)
 return;
- /* Backet fmt with program name and a newline to make it a single write */
- easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
+ /* Bracket fmt with program name and a newline to make it a single write */
 va_start(ap, fmt);
- vfprintf(stderr, fmt2, ap);
+ evasprintf(&buf, fmt, ap);
 va_end(ap);
- efree(fmt2);
+ fprintf(stderr, "%s: %s\n", getprogname(), buf);
+ efree(buf);
 }
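Review bot: The comment kept above `va_start` in sudo_debug still says fmt is bracketed with the program name, but in the new code nothing is merged into the format string; the program name and newline are supplied by the `fprintf(stderr, "%s: %s\n", getprogname(), buf)` call three lines further down. Moving the comment to that call and wording it as `/* Program name is passed as a %s argument, never as part of the format: it may contain printf escapes */` would record why the formatting is done in two steps, so a later cleanup does not fold them back together. The prototype and return-type line of sudo_debug are outside this hunk; if the prototype does not already carry a printf format attribute such as `__attribute__((format(printf, 2, 3)))`, adding one lets the compiler check the format arguments at every call site.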