Default installation allows user to su to root without password after installing shadow-package #430
This is basically the same problem as with #101, but this time it requires the installation of the shadow-package.
To demonstrate, here's how it happens:
It may as well be
referenced this issue
May 8, 2019
For the record, the upstream commit fixing the issue is: