CVE-2011-1496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1496): tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
Unless I'm missing something, we're not affected by this, because in Gentoo tmux runs under the user's group, not utmp.
(In reply to comment #1) > Unless I'm missing something, we're not affected by this, because in Gentoo > tmux runs under the user's group, not utmp. Thanks, Alex. Verified locally using tmux-1.4. Closing as INVALID.