CVE-2008-5368 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5368): muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.
*ping*
0.73 has fixed the symlink attack. It's available on sf.net.
It's not viewable on http://muttprint.sourceforge.net, so here is the link: http://sourceforge.net/project/showfiles.php?group_id=33943
0.72d-r1 is a patched version.
Arches, please test and mark stable: =app-misc/muttprint-0.72d-r1 Target keywords : "alpha amd64 ia64 ppc ppc64 x86"
amd64/x86 stable
ppc64 done
Stable on alpha.
ia64 stable
ppc done
Ready for vote, I vote YES.
YES too, request filed
GLSA 200903-35