ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
attempts to open a .la file in the current working directory, which
allows local users to gain privileges via a Trojan horse file.
Forgot to ask... base-system: can we go stable with 2.2.6b?
i'm not aware of any regressions that would prevent stabilization
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Stable media-sound/mpg123 first (bug 294106) because otherwise you'd be breaking the stable version... thanks :)
Stable for PPC.
GLSA request already filed.
This issue has been fixed since Dec 09, 2009. No GLSA will be issued.