CVE-2009-2353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2353): encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
+*eaccelerator-0.9.5.3-r1 (14 Aug 2009) + + 14 Aug 2009; Alex Legler <a3li@gentoo.org> -eaccelerator-0.9.5.1.ebuild, + -files/eaccelerator-0.9.5.1-optimize-catch-exceptions.patch, + -eaccelerator-0.9.5.3.ebuild, +eaccelerator-0.9.5.3-r1.ebuild, + +files/eaccelerator-remove-encoder.patch: + Non-mainatiner commit: Removing encoder because it a) contains a + vulnerabilitiy and b) is already deprecated by upstream and will be gone + anyway in the next upstream release. Security bug 277293. Removing + vulnerable versions. Closing.