http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869 Possible symlink attack via the temporary created "/tmp/rot.jpg" file used for image rotation. Furthermore Nico Golde reported discovered that shell code could be executed via crafted filenames: http://thread.gmane.org/gmane.comp.security.oss.general/845/focus=872 A patch can be found at the debian bug (not reviewed yet): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968
*gpicview-0.1.10 (12 Sep 2008) 12 Sep 2008; Markus Meier <maekke@gentoo.org> -gpicview-0.1.8.ebuild, -gpicview-0.1.9.ebuild, +gpicview-0.1.10.ebuild: bump to 0.1.10, remove old ebuilds, security bug #236525 this should fix the mentioned security bugs (I checked /tmp/rot.jpg bug)
confirmed, thanks for bumping. Closing [noglsa].