Maintainers, please commit an updated ebuild.
Diego allowed me to bump it, which I just did.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Stable for PPC.
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a
pseudo-command is enabled, permits a match between the name of the
pseudo-command and the name of an executable file in an arbitrary
directory, which allows local users to gain privileges via a crafted
executable file, as demonstrated by a file named sudoedit in a user's
sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
does not properly set group memberships, which allows local users to
gain privileges via a sudo command.
GLSA request filed.
MIPS guys: please see to add ~mips ASAP
In  points some new issues with sudoedit.
This affects up to 1.7.2p5.
p6 is in tree, since p6 is a different (but related) problem and p4 is all stable, maybe a new bug?
(In reply to comment #12)
> p6 is in tree, since p6 is a different (but related) problem and p4 is all
> stable, maybe a new bug?
Right. I just filed bug 321697.
This bug here is fixed, it's only kept open for ~mips.
just for the record, as I didn't see it mentioned... this was GLSA 201003-01