audispd binary has incorrent permissions

I see the same problem in both maverick and natty. I see it is "triaged", but no importance has been assigned.

Has anyone looked at the risks involved and why it is wrong?

This bug was fixed in the package audit - 1:2.2.2-1ubuntu1

---------------
audit (1:2.2.2-1ubuntu1) raring; urgency=low

  * Merge from Debian experimental (LP: #1092760). Remaining changes:
    - debian/auditd.init: apply the intent of Peter Moody's patch to add
      support for rules.d directory for splitting out audit.d rules
  * The new upstream release fixes two outstanding Ubuntu bugs:
    - audispd binary has incorrent permissions (LP: #683220)
      + In auditd, relax some permission checks for external apps
    - auditctl uses wrong syscall to determine uid (LP: #957519)
      + In auditctl, check usage against euid rather than uid
  * Fix FTBFS caused by Python mulitarch layout which splits Python header
    files across multiple directories
    - debian/patches/FTBFS-python-multiarch.diff: Use python-config to
      determine the appropriate include directories

audit (1:2.2.2-1) experimental; urgency=low

  * QA upload.
  * New upstream release
    - Add debian/patches/fix-make-check.diff: Try to unbreak make check
    - debian/auditd.install: Install systemd service file
    - debian/libauparse0.symbols: Adjust .symbols file
  * Enable support for Alpha and ARM ABI (Closes: #681457)

audit (1:2.2.1-2) experimental; urgency=low

  * QA upload.
  * Orphan audit package with maintainer approval
  * Split libauparse out of libaudit package and put /etc/libaudit.conf in its
    own package thanks to Alban Browaeys (Closes: #682251)
  * Drop useless debian/patches/rpath.diff and call to chrpath, call
    dh_autoreconf to be sure autofoo are up-to-date instead.
  * debian/auditd.install: Install auvirt executable, thanks to Guido Günther
    (Closes: #688440)
  * Convert to multiarch policy (Closes: #687121)
  * Add missing X-Python-Version header
  * Enable libcap-ng support
  * Let's dh_python2 take care of removing *.p[co] files
  * Drop pam-config stanza for loginuid, it's only intended to be called from
    entry point PAM services (Closes: #676527)
  * Drop debian/auditd.postinst: this was needed before squeeze release
  * Drop useless debian/patches/ld-no-add-needed.diff: libkrb5 is already
    properly passed at link time
  * Drop debian/patches/mode.diff: Upstream is now checking if the mode of the
    executable is either 0750 or 0755 and not only 0750
  * Drop several patches and files that were not used anymore but not dropped
    on disk
  * Refresh and reapply debian/patches/manpage-dash.diff
  * debian/control: Add Vcs-* fields
  * Add debian/gbp.conf file
  * Run wrap-and-sort script
  * Only attempt to build on linux-any architectures

audit (1:2.2.1-1) experimental; urgency=low

  * Non-maintainer upload (with maintainer's blessing)
  * New upstream release
  * Refit patches
  * debian/control: bump Standards-Version (no changes)
  * debian/control: bump versioned build dep on debhelper to 9
  * debian/control: add build dep on dpkg-dev >= 1.16.1~ to get
    dpkg-buildflags support for hardening
  * debian/compat: bump up to 9

audit (1:1.7.18-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Revert last upload versioned 2.1.3-1 and made by Russell Coker.
 -- Tyler Hicks <email address hidden> Thu, 20 Dec...