CVE-2009-3736 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736): ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Forgot to ask... base-system: can we go stable with 2.2.6b?
i'm not aware of any regressions that would prevent stabilization
Arches, please test and mark stable: =sys-devel/libtool-2.2.6b Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Stable media-sound/mpg123 first (bug 294106) because otherwise you'd be breaking the stable version... thanks :)
sparc stable
amd64/arm/x86 stable
ppc64 done
Stable for PPC.
alpha/ia64/m68k/s390/sh stable
GLSA request already filed.
This issue has been fixed since Dec 09, 2009. No GLSA will be issued.