Details follow: Joey Hess discovered that "unshar" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Debian/ubuntu patch: http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2.diff.gz
4.2.1-r11 now in portage with the relevant parts of the ubuntu patch
Arches, please test and mark stable 4.2.1-r11
stable on ppc64
x86 done
Stable on ppc.
sparc stable.
Stable on mips.
Stable on alpha.
05 Apr 2005; Jan Brinkmann <luckyduck@gentoo.org> sharutils-4.2.1-r11.ebuild: Stable on amd64, bug #87939.
hansmi has marked this package stable.
GLSA 200504-06 arm/ia64/s390, please mark stable to benefit from GLSA.