ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated
shell command injection resulting in remote code execution
@Maintainers please call for stabilization when ready.
@arches, please stabilize.
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Since xrootd-4.8.3 is now stable, I dropped earlier versions from the tree and bumped unstable to 4.9.0.
This issue was resolved and addressed in
GLSA 201903-11 at https://security.gentoo.org/glsa/201903-11
by GLSA coordinator Aaron Bauman (b-man).