CVE-2009-3564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3564): puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
Seems already fixed (haven't checked), needs a GLSA vote. Vote: yes.
According to upstream[*] this has been fixed in 0.24.8, and we do not have any version older than that in portage. [*] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3564
YES too, request filed.
This issue was resolved and addressed in GLSA 201203-03 at http://security.gentoo.org/glsa/glsa-201203-03.xml by GLSA coordinator Sean Amoss (ackle).