After notification of CVE-2014-9090, Borislav Petkov pointed out to Lutomirski some further flaws that existed even after vulnerability.
Lutomirski has stated that the fix which was released for CVE-2014-9090 also patches CVE-2014-9322.
If a user is a member of the wheel group, they are authorized by definition.
Obviously you shouldnt give non-trusted users wheel privileges.
This is a non-issue.
source: www.techworm.net
