From URL: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users.

@maintainer(s): Due to the undisclosed vulnerability, I filed this bug for your review. Version 3.2.3 is awaiting stabilization, though at this time it is not clear if we are affected. Please weigh in on whether we are or are not currently affected, thank you.
mail-mta/postfix-3.1.6 is not vulnerable and stable in the tree. You should be able to mark this one as fixed.
Eray, Thanks for confirming. Will do.
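The advisory quoted in the report ties the postmap/postalias risk to the state of the working directory. The following is an added example, not code from Postfix or from this bug report: a pre-flight check an administrator could run before invoking those commands. The function name `db_config_findings` and the conservative treatment of group-writable directories are assumptions made for illustration.

```python
import os
import stat
import sys


def db_config_findings(directory="."):
    """Return the reasons why `directory` is a risky working directory
    for postmap/postalias on a system with Berkeley DB 2 or later.

    An empty list means none of the checked conditions apply.
    """
    findings = []
    st = os.stat(directory)

    # Berkeley DB 2+ reads settings from DB_CONFIG in the current directory,
    # so any such file here (including a symlink) deserves inspection.
    cfg = os.path.join(directory, "DB_CONFIG")
    if os.path.lexists(cfg):
        findings.append(f"DB_CONFIG present (owner uid {os.lstat(cfg).st_uid})")

    # If other users can write to the directory they can create DB_CONFIG.
    # The sticky bit only restricts deletion and renaming, not creation.
    # Assumption: group write access is treated as "other users" too.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group or others")

    # A directory owned by another non-root user is under that user's control.
    if st.st_uid not in (0, os.geteuid()):
        findings.append(f"directory owned by uid {st.st_uid}")

    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    problems = db_config_findings(target)
    for p in problems:
        print(f"{os.path.abspath(target)}: {p}")
    # Non-zero exit lets a wrapper script refuse to run postmap here.
    sys.exit(1 if problems else 0)
```
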