Comment 8 for bug 995195

Marking as a security vulnerability: As noted in <https://bugs.launchpad.net/ubuntu/+source/apt-listchanges/+bug/787802/comments/9>, it's possible to get to a root shell from 'less' (the pager invoked by apt-listchanges). While 'less' is displaying the list of changes, type '!sh' (without the quotes) and hit enter. This allows a user that is authorized to do the org.debian.apt.upgrade-packages policykit action to invoke arbitrary commands as root.

Note that users are not required to type a password to run the org.debian.apt.upgrade-packages action (see <https://wiki.ubuntu.com/SecurityTeam/FAQ#Update_Manager_doesn.27t_prompt_for_security_updates>). This makes it possible for malware running as the authorized user to gain root access without knowing the password.