From the Secunia advisory at: http://secunia.com/advisories/41997/ A security issue has been reported in VIPS, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the vips-7.22 script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in versions prior to 7.22.3.
7.22.4 that fixes this problem is in the tree. Arch teams stabilize it and also stabilize nip2 as it's good idea for them to go stable together. media-libs/vips-7.22.4 media-gfx/nip2-7.22.3
x86 stable
all ok on amd64
amd64 done. Thanks Agostino
Stable for PPC.
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in GLSA 201401-29 at http://security.gentoo.org/glsa/glsa-201401-29.xml by GLSA coordinator Mikle Kolyada (Zlogene).