CVE-2018-14348 (https://nvd.nist.gov/vuln/detail/CVE-2018-14348): libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
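Added example, not part of the original report and not libcgroup code: it shows how a log file opened with `fopen()` ends up 0666 when the process umask is 0, next to creation with an explicit mode that stays 0600 under any umask. That a cleared umask is the mechanism behind this CVE is an assumption, since the report does not describe the patch; the function names and the temporary path are hypothetical.

```c
/* Added example: function names and temp paths are hypothetical, not libcgroup code. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* fopen() always requests 0666, so the process umask alone decides the final mode. */
static int open_log_fopen(const char *path) {
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    fclose(f);
    return 0;
}

/* Hardened: explicit mode at creation, then fchmod() so that neither the umask
 * nor a pre-existing file can leave the log with a mode other than 0600. */
static int open_log_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0600);
    close(fd);
    return rc;
}

/* Create a log file in a fresh temp dir under the given umask and return its
 * permission bits, or (mode_t)-1 on error. */
mode_t log_mode_under_umask(mode_t mask, int hardened) {
    char dir[] = "/tmp/cgred-demo-XXXXXX";   /* constructed sample location */
    char path[64];
    struct stat st;
    if (!mkdtemp(dir)) return (mode_t)-1;
    snprintf(path, sizeof path, "%s/cgred", dir);
    mode_t old = umask(mask);                /* simulate the daemon's umask */
    int rc = hardened ? open_log_hardened(path) : open_log_fopen(path);
    umask(old);
    mode_t m = (rc == 0 && stat(path, &st) == 0) ? (st.st_mode & 0777) : (mode_t)-1;
    unlink(path);
    rmdir(dir);
    return m;
}

int main(void) {
    printf("fopen, umask 000:    %04o\n", (unsigned)log_mode_under_umask(0, 0));
    printf("fopen, umask 027:    %04o\n", (unsigned)log_mode_under_umask(027, 0));
    printf("hardened, umask 000: %04o\n", (unsigned)log_mode_under_umask(0, 1));
    return 0;
}
```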
Upstream patch: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
(In reply to Thomas Deutschmann from comment #1)
> Upstream patch:
> https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
Thanks for the report! I've added the patch in libcgroup-0.41-r5.ebuild and will rapid stabilize it soon.
I just marked libcgroup-0.41-r5.ebuild stable on amd64 and x86 and removed the vulnerable version.
Tree is clean.
GLSA Vote: No
Thank you all for your work. Closing as [noglsa].
tree is clean