Yesterday, I ran `sudo apt update` on a Debian system, and noticed that sudo was the only package to update. I found that was kind of funny (I invoked it to update itself), but this explains why it needed updating.

https://github.com/advisories/GHSA-695j-c63m-mvxc

and

https://github.com/advisories