The source project of this merge request has been removed.
Restrict access to sympa_newaliases-wrapper (setuid root) to group sympa
Following https://security-tracker.debian.org/tracker/CVE-2020-10936 and upcoming issues from https://github.com/sympa-community/sympa/issues/943 , I suggest removing 'other' access to sympa_newaliases-wrapper which is setuid root, following upstream's Makefile.
I plan to ship this shortly in a stretch (LTS) security update.
AFAICT with these new permissions the aliases are still generated correctly on list creation.