An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804 https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html
Upstream Patch: https://github.com/util-linux/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1