From Secunia advisory at $URL:
A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the application using a temporary file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.
The security issue is reported in versions prior to 2.71.
Update to version 2.71.
@maintainer, ok to stabilize it?
Arches, please test and mark stable:
Target KEYWORDS : "alpha amd64 ia64 ppc sparc x86"
Builds fine on x86. Rdeps build fine as well. Please mark stable for x86.
x86 stable, thanks Myckel!
Stable on alpha.
ia64/sparc keywords dropped
GLSA vote: yes.
Vote yes too. New GLSA request filed.
The Config::IniFiles module before 2.71 for Perl creates temporary files
with predictable names, which allows local users to overwrite arbitrary
files via a symlink attack. NOTE: some of these details are obtained from
third party information. NOTE: it has been reported that this might only be
exploitable by writing in the same directory as the .ini file. If this is
the case, then this issue might not cross privilege boundaries.
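The predictable-name weakness described above, next to a hardened write path, as an added Perl example that is not part of the original thread and is not Config::IniFiles' own code. The `-new` suffix, the file names and the helper names are assumptions chosen for illustration; the demo runs entirely inside a private scratch directory.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir tempfile);
use File::Basename qw(dirname);

# Weak pattern (hypothetical): a guessable temporary name opened with a plain
# open(), which follows a symlink already planted under that name.
sub write_predictable {
    my ($path, $data) = @_;
    my $tmp = "$path-new";
    open(my $fh, '>', $tmp) or die "open $tmp: $!";
    print {$fh} $data;
    close($fh) or die "close $tmp: $!";
    rename($tmp, $path) or die "rename $tmp: $!";
}

# Hardened pattern: File::Temp picks a random name and creates it exclusively
# (O_CREAT|O_EXCL), so an existing file or symlink is never opened or followed.
# The temp file sits beside the target so rename() stays on one filesystem.
sub write_atomic {
    my ($path, $data) = @_;
    my ($fh, $tmp) = tempfile('.ini-XXXXXXXX', DIR => dirname($path), UNLINK => 0);
    print {$fh} $data;
    close($fh) or die "close $tmp: $!";
    rename($tmp, $path) or do { unlink $tmp; die "rename $tmp: $!" };
}

sub slurp {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "open $file: $!";
    local $/;
    return scalar <$fh>;
}

# Constructed demo: a symlink waits at the guessable name before each write.
my $dir = tempdir(CLEANUP => 1);
my ($ini, $victim) = ("$dir/app.ini", "$dir/victim.txt");
my %writer = (predictable => \&write_predictable, atomic => \&write_atomic);
for my $name (qw(predictable atomic)) {
    unlink $ini, "$ini-new";
    write_atomic($victim, "original\n");
    symlink($victim, "$ini-new") or die "symlink: $!";
    $writer{$name}->($ini, "[section]\nkey=value\n");
    printf "%-11s victim is %s\n", $name,
        slurp($victim) eq "original\n" ? 'intact' : 'overwritten';
}
```

File::Temp creates the file with mode 0600, so a caller that needs the .ini file readable by other users has to restore the intended mode before the rename.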
This issue was resolved and addressed in
GLSA 201208-05 at http://security.gentoo.org/glsa/glsa-201208-05.xml
by GLSA coordinator Sean Amoss (ackle).