Comment 2 for bug 16700

In , Joey Hess (joeyh) wrote : CAN-2005-1119

As I read http://www.securityfocus.com/bid/13171/discussion/ , which has
been assigned CVE id CAN-2005-1119, this is a security hole because
visudo is not limited to editing /etc/sudoers. With the -f switch, it
can be made to edit some other file; if that other file is in a
directory to which an attacker has write access, they can overwrite
arbitrary files via a symlink attack.

Still fairly theoretical, but I wanted to note that this is
CAN-2005-1119 ..

--
see shy jo
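
The symlink overwrite described in the comment above, shown as an added example that is not part of the bug report and is not sudo's code: a scratch file opened without `O_EXCL` follows a link planted at its name, while `O_CREAT | O_EXCL | O_NOFOLLOW` refuses it. The function names, the `edited.tmp` scratch name and the temp-directory scenario are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for mkdtemp(), symlink(), O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern at risk: follows a link planted at `path` and truncates its target. */
int open_scratch_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if the name already exists, a symlink included;
 * O_NOFOLLOW refuses to traverse a link in the final path component. */
int open_scratch_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private temp directory: a 10-byte "victim"
 * file, a symlink to it at the scratch name, then one open attempt.
 * Returns the victim's size afterwards, or -1 if the setup failed. */
long victim_size_after(int (*opener)(const char *))
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[64], scratch[64];
    struct stat st;
    long size = -1;
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/edited.tmp", dir);
    if ((f = fopen(victim, "w")) != NULL) {
        fputs("important\n", f);
        fclose(f);
        if (symlink(victim, scratch) == 0) {
            int fd = opener(scratch);
            if (fd >= 0)
                close(fd);
            if (stat(victim, &st) == 0)
                size = (long)st.st_size;
        }
    }
    unlink(scratch); unlink(victim); rmdir(dir);
    return size;
}
```

The flags only protect the final path component; a privileged editor still has to avoid working in a directory that another user can write to.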