It was discovered [1],[2] that the GNU Debugger (gdb) would load untrusted files from the current working directory when .debug_gdb_scripts was defined. While this was a design decision, it is an insecure one and users who do not pre-inspect untrusted files may execute arbitrary code with their privileges.

References:
[1] http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
[2] http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
CVE-2011-4355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4355): GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
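A pre-inspection check for the behaviour described above, as an added example that is not part of the original bug report or of GDB's code: it lists the script entries that a little-endian ELF64 file requests through its .debug_gdb_scripts section. The function names, the sample file and the script name `helper-gdb.py` are constructed for illustration; the entry layout (one type byte, then a NUL-terminated name) is assumed from the GDB manual's description of the section.

```python
import struct

SECTION = b".debug_gdb_scripts"

def gdb_scripts(data: bytes):
    """Return [(entry_type, name)] from .debug_gdb_scripts of an ELF64 LE image.

    Returns [] when the section is absent; raises ValueError on unparseable input.
    """
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    try:
        shoff, = struct.unpack_from("<Q", data, 0x28)            # e_shoff
        shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 0x3A)

        def section(i):  # -> (sh_name, sh_offset, sh_size)
            base = shoff + i * shentsize
            name, = struct.unpack_from("<I", data, base)
            off, size = struct.unpack_from("<QQ", data, base + 0x18)
            return name, off, size

        if shstrndx >= shnum:
            return []
        _, stroff, strsize = section(shstrndx)
        strtab = data[stroff:stroff + strsize]
        for i in range(shnum):
            name, off, size = section(i)
            if strtab[name:].split(b"\0", 1)[0] == SECTION:
                raw = data[off:off + size]
                # Assumed layout: one type byte, then a NUL-terminated name.
                return [(e[0], e[1:].decode("utf-8", "replace"))
                        for e in raw.split(b"\0") if e]
    except struct.error as exc:
        raise ValueError("truncated ELF") from exc
    return []

def sample_elf(script=b"helper-gdb.py"):
    """Constructed sample: minimal ELF64 with null, .shstrtab and script sections."""
    strtab = b"\0.shstrtab\0" + SECTION + b"\0"
    payload = b"\x01" + script + b"\0"          # type 1 = Python file entry
    shoff = 64 + len(strtab) + len(payload)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 1)
    def sh(name, off, size):
        return struct.pack("<IIQQQQIIQQ", name, 1, 0, 0, off, size, 0, 0, 1, 0)
    return (hdr + strtab + payload + bytes(64) + sh(1, 64, len(strtab))
            + sh(11, 64 + len(strtab), len(payload)))

if __name__ == "__main__":
    print(gdb_scripts(sample_elf()))
```

A non-empty result means the file asks the debugger to load the named scripts, so those files should be reviewed before the binary is opened in an affected gdb.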
According to CVE this is fixed in 7.5. That has already been stabilized. @maintainers: Please clean up vulnerable versions.
Maintainer(s), please drop the vulnerable version(s).
Maintainer(s): Please drop affected versions, security will remove or mask in 30 days if no response.
Vulnerable versions have been removed. Security, please vote.
Vote: no.
GLSA Vote: No. Thank you all. Closing as noglsa.