A security issue has been reported in SplitVT, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program maintaining group privileges while executing the "xprop" utility. This can be exploited by malicious, local users to gain "utmp" group privileges. The security issue is reported in versions 1.6.5 and 1.6.6. Other versions may also be affected. Solution: apply the patch from debian from http://www.debian.org/security/2008/dsa-1500
maintainers - please provide an updated ebuild
app-misc/splitvt-1.6.6-r1 is in the tree and includes fix for this bug.
Arches please test and mark stable. Target keywords are: splitvt-1.6.6-r1.ebuild:KEYWORDS="~amd64 ~ia64 ppc sparc x86"
x86 stable
sparc stable
ppc stable
Fixed in release snapshot.
Request filed.
GLSA 200803-05