As described in bug #377929 minitube-1.5 suffers from insecure temporary file vulnerability which could lead to DOS attack. The bug has been fixed in minitube-1.6 which is now on portage. I strongly suggest to perform a 0 day stabilization on this version. If you agree please CC arches.
Just to clarify, 1.5-r1 has a temporary (badly coded but still better than nothing) fix which was rejected by upstream.
Arches, please test and mark stable:
target KEYWORDS : "amd64 x86"
NB: fails with linguas fr, ar... can those be disabled on the fly or fixed ?
> NB: fails with linguas fr, ar... can those be disabled on the fly or fixed ?
ar works, my bad... fr doesn't
amd64 : Ok
+ 01 Nov 2011; Tony Vroon <email@example.com> minitube-1.6.ebuild:
+ Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo,
+ Elijah "Armageddon" El Lazkani & Tomáš "Mepho" Pružina in security bug
Thanks, folks. GLSA vote: yes.
Created new GLSA request.
This issue was resolved and addressed in
GLSA 201203-18 at http://security.gentoo.org/glsa/glsa-201203-18.xml
by GLSA coordinator Sean Amoss (ackle).