From the Secunia advisory at $URL: Description A security issue has been reported in bareFTP, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the "bareftp" script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. Solution Update to version 0.3.6.
Bumped: +*bareftp-0.3.7 (10 Dec 2010) + + 10 Dec 2010; Pacho Ramos <pacho@gentoo.org> -bareftp-0.3.4.ebuild, + +bareftp-0.3.7.ebuild: + Version bump with bugfixes, including a fix for tests and a security one (bug + #348340). Remove old. +
(In reply to comment #1) > Bumped: > Thanks! Closing noglsa.
*** Bug 337529 has been marked as a duplicate of this bug. ***