From sarg ChangeLog ( http://sarg.sourceforge.net/sarg.ChangeLog.txt ):
security issues can be exploited to execute arbitrary code when sarg
is used with malicious input files.
The vulnerability within the processing of the useragent.log is rather
critical, as this can be exploited by passing a long user agent string
when browsing via a squid proxy. the manipulated GET request in the
access log would not be accepted by squid, so that file has to be specially crafted.
Thank you to L4teral l4teral AT gmail.com
Arch teams, please be aware that previous version of sarg was full different crash problems and it never hit portage...
Arches, please test and mark stable:
Target keywords : "amd64 ppc release x86"
Fixed in release snapshot.
GLSA 200803-21, thanks to everybody