<app-emacs/lookup-1.4.1 suffer from insecure creation of temporary files:
"Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files."
Fixed in 1.4.1.
x86, please stabilise.
app-emacs/tramp had a similar problem (bug 194713) and was rated B3, too. GLSA vote now open.
I tend to vote YES.
Vulnerable revisions 1.4 and 1.4-r1 have been removed.
yes too, request filed.