Backport of: From 12648b4e0a8cf486480442efd52f0e0b6cab6e8b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 13 Mar 2023 08:04:32 -0600 Subject: [PATCH] Add missing " ; " separator between environment variables and command. This is a regression introduced in sudo 1.9.13. GitHub issue #254. Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/sudo/tree/debian/patches/CVE-2023-2848x-2.patch?h=ubuntu/focal-security Upstream commit https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b] CVE: CVE-2023-28486 CVE-2023-28487 Signed-off-by: Vijay Anusuri --- lib/eventlog/eventlog.c | 1 + 1 file changed, 1 insertion(+) --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -1018,6 +1018,7 @@ new_logline(const char *message, const c sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " %s", sudo_user.env_vars[i]); } + sudo_lbuf_append(&lbuf, " ; "); } if (user_cmnd != NULL) { sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL|LBUF_ESC_BLANK,
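Review bot: The diffstat in the header lists lib/eventlog/eventlog.c, but the only hunk is against plugins/sudoers/logging.c in new_logline(), so the backport header does not describe the file that is actually changed. Regenerate the diffstat and add a line to the backport notes stating that the upstream change was adapted to logging.c, otherwise anyone auditing the CVE-2023-28486 / CVE-2023-28487 patch set will look for this fix in the wrong file. In the hunk itself, the new sudo_lbuf_append(&lbuf, " ; ") sits after the closing brace of the env_vars loop and inside the enclosing block, so the separator is written only when that block runs. That block's condition is not visible in the context lines, so confirm it is the check for environment variables being present, so that no stray " ; " is logged ahead of the command when there are none.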