How to fix it? Well, you could build and install a new sudo, but here's a better idea: force sudo to always make you enter your password, which is just more secure in the first place. In the Terminal, type sudo visudo, enter your password, and in the configuration file add this line:

Defaults timestamp_timeout=0
Save the file and exit the editor. Test it with back-to-back sudo bash commands. You should always be asked for a password. Now it doesn't matter what the clock is set to; you won't give away the store. I've tested this on 10.4 and 10.6; I see no reason why it won't work on 10.5, 10.7 or 10.8. 10.3 and earlier users, if sudo -V says a version that is 1.6 or later, you are also vulnerable. This may be fixed in a future 10.6 update, but really, this is just a safer way to use a tool that can be very dangerous if misconfigured.
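If you'd rather confirm the setting from the file than by eye, here is a small shell audit, added as an example and not part of the original post, that reports the last global timestamp_timeout found in sudoers text. The function names and the sample sudoers content are constructed for illustration, and per-user or per-host Defaults and backslash line continuations are not evaluated.

```shell
#!/bin/sh
# Added example: report the effective global timestamp_timeout in sudoers text.
# Limits (assumptions): only plain "Defaults" lines are read; per-user/host
# Defaults and backslash line continuations are not evaluated.

# Read sudoers text on stdin; print the value from the last global
# "Defaults ... timestamp_timeout=N" entry, or "unset" if there is none.
effective_timeout() {
    awk '
        /^[ \t]*#/ { next }                  # whole-line comments
        $1 == "Defaults" {
            line = $0
            sub(/#.*/, "", line)             # trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, params, ",")     # Defaults takes a comma list
            for (i = 1; i <= n; i++) {
                p = params[i]
                gsub(/[ \t]/, "", p)
                if (p ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", p)
                    value = p; found = 1     # later entries override earlier
                }
            }
        }
        END { if (found) print value; else print "unset" }
    '
}

# Succeed only when sudo is configured to ask for a password every time.
prompts_every_time() {
    [ "$(effective_timeout)" = "0" ]
}

# Constructed sample sudoers content, before and after the change.
SAMPLE_BEFORE='Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL'
SAMPLE_AFTER="$SAMPLE_BEFORE
Defaults timestamp_timeout=0"

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | effective_timeout)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | effective_timeout)"
# Live file (needs root): sudo cat /etc/sudoers | effective_timeout
```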
Also, if it's [a day in the week ending in -day], it's time for another Java exploit. In the MITRE security note, they say "Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox," which, because Larry Ellison is a turdbucket, almost certainly means that this vulnerability can escape the Java sandbox. That also means that this is a cross-platform privilege escalation, because the sandbox runs platform-independent code, and Java 1.5 is already known to be vulnerable and will never be updated for Power Macs. If you are running Java applets on any version of PowerPC OS X, you need to surrender your power cord, now.
On BaselineCompiler progress, we are now passing 87 tests so far and slowly getting to phase 4. Also, our friend at Tenfourbird found a methodjit bug and created a fix that we will take for 17.0.9 and 22.0.2 (if there is one) (issue 239). Thanks, t_mrc!