From https://secunia.com/advisories/51343/ : Description A vulnerability has been reported in rssh, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an error when validating the "--rsh" command line option and can be exploited to bypass the allowed commands filter checks resulting in reduced shell restrictions. The vulnerability is reported in versions prior to 2.3.4. Solution Update to version 2.3.4.
The bump is on my TODO list for today
Bumped. Please proceed with the stabilization
Arches, please test and mark stable: =app-shells/rssh-2.3.4 Target keywords : "amd64 ppc x86"
Archtested on x86: Everything OK - Compiles with all USE-flags. - Repoman reports no errors. - Successfully set up a restrictive shell and verified that it worked as I intended it to.
amd64 stable
ppc stable
x86 done, Thanks Dan Dexter for testing! Last arch!
Thanks, everyone. GLSA vote: no.
GLSA Vote: no too, closing noglsa.
Reopening as it has been added to GLSA draft
This issue was resolved and addressed in GLSA 201311-19 at http://security.gentoo.org/glsa/glsa-201311-19.xml by GLSA coordinator Sergey Popov (pinkbyte).