CVE-2010-3351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3351): startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
This should be fixed in 0.60.9 now in CVS.
(In reply to comment #1) > This should be fixed in 0.60.9 now in CVS. Thank you. Closing noglsa for ~arch only package.