Qt Creator before 2.0.1 places a zero-length directory name in the
LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
horse shared library in the current working directory.
Please punt vulnerable versions.
vulnerable versions gone
GLSA request filed.
Thanks all. Affected versions not in tree anymore. Remove qt from cc.
This issue was resolved and addressed in
GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).