rxvt-unicode is vulnerable to the same X11 Display issue as rxvt,
"The security issue is caused due to the program using ":0" as its X11 display
if the DISPLAY environment variable is missing. This can be exploited to
execute arbitrary commands with the privileges of the user running rxvt via a
malicious X server."
rxvt bug #217819
patch is in bug 217819
Created attachment 151843
This patch was taken from the rxvt bug report and slightly adapted to the new environment.
I've updated the ebuild to 9.02-r1 which includes this patch.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Stable for HPPA.
ppc already is marked stable ...
Fixed in release snapshot.
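
The fallback described in the advisory quoted at the top of this report, shown beside a form with no implicit default. This is an added example, not the patch from attachment 151843 or code from rxvt-unicode; the function names are hypothetical, and failing when no display is given is an assumed way of removing the default.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper names; not taken from the rxvt-unicode source. */

/* A display name is usable only if it is present and non-empty. */
static int usable(const char *s) { return s != NULL && s[0] != '\0'; }

/* "Before" behaviour described in the advisory: when neither a -display
 * argument nor $DISPLAY is available, silently fall back to ":0". */
const char *pick_display_legacy(const char *cli_arg, const char *env_display)
{
    if (usable(cli_arg)) return cli_arg;
    if (usable(env_display)) return env_display;
    return ":0";   /* connects to whichever X server owns display 0 */
}

/* Hardened form: no implicit default. NULL tells the caller to abort
 * instead of connecting to a server the user never selected. */
const char *pick_display_strict(const char *cli_arg, const char *env_display)
{
    if (usable(cli_arg)) return cli_arg;
    if (usable(env_display)) return env_display;
    return NULL;
}

int main(int argc, char **argv)
{
    const char *cli = NULL;
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-display") == 0)
            cli = argv[i + 1];

    const char *dpy = pick_display_strict(cli, getenv("DISPLAY"));
    if (dpy == NULL) {
        fputs("no display given: set DISPLAY or pass -display\n", stderr);
        return EXIT_FAILURE;
    }
    printf("would open display %s\n", dpy);
    return EXIT_SUCCESS;
}
```

An empty DISPLAY is treated the same as a missing one, so a cleared variable cannot reintroduce the default.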