CVE-2010-0301 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0301): main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.
2.4.2 is already in the tree. I haven't seen any complaints about this version.
I'll take that as an OK for stabilizing. Arches, please test and mark stable: =mail-filter/maildrop-2.4.2 Target keywords : "alpha amd64 arm hppa ia64 ppc s390 sh sparc x86"
x86 stable
amd64 stable
arm stable
Marked ppc stable for bug #308043.
Stable for HPPA.
alpha/ia64/s390/sh/sparc stable
GLSA request filed.
GLSA 201009-02