Four new advisories released by upstream.
Possible session manipulation in Swekey authentication.
Possible code injection in setup script in case session variables are compromised.
Regular expression quoting issue in Synchronize code.
Possible directory traversal.
All appear fixed in 126.96.36.199.
*** Bug 374167 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
amd64 done. Thanks Agostino and Ian
x86 stable. Thanks
Stable for HPPA.
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml
by GLSA coordinator Tim Sammut (underling).