@FamousJameous Good call and thanks for getting the word out. Testing the way the qualsys blog recommends testing for the vulnerability, it looks like PureOS amber is patched as well.
Must have come in overnight. I just installed it on my Librem 5.
Unpacking sudo (1.8.27-1+deb10u3) over (1.8.27-1+deb10u2) ...
This would be a serious vulnerability in multi-user systems but since it requires unprivileged access in the first place, for most single-user devices it would require either physical access or a blended attack involving some other vulnerability in order to exploit it.