> Debian hasn't fixed this in squeeze or wheezy yet, it's fixed in jessie because they have a recent enough version of sudo.
They haven't fixed it because they were never vulnerable: they don't allow you to change the clock without a password.
> We do plan on backporting monolithic timer support, we just have not had time yet.
Was a year and two releases not enough time?
> Debian hasn't fixed this in squeeze or wheezy yet, it's fixed in jessie because they have a recent enough version of sudo.
They haven't fixed it because they were never vulnerable: they don't allow you to change the clock without a password.
> We do plan on backporting monolithic timer support, we just have not had time yet.
Was a year and two releases not enough time?