rxvt-unicode is vulnerable to the same X11 Display issue as rxvt: "The security issue is caused due to the program using ":0" as its X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server." rxvt bug #217819
Patch is in bug 217819.
Created attachment 151843: rxvt-unicode-9.02-CVE-2008-1142-DISPLAY.patch
This patch was taken from the rxvt bug report and slightly adapted to the new environment.
I've updated the ebuild to 9.02-r1 which includes this patch.
Arches, please test and mark stable: =x11-terms/rxvt-unicode-9.02-r1
Target keywords: "alpha amd64 hppa ppc ppc64 release sparc x86"
Stable for HPPA.
alpha/sparc/x86 stable
ppc64 stable
amd64 stable
ppc already is marked stable ...
Fixed in release snapshot.
GLSA 200805-03