From oss-security mailing list at $URL:
* Sat Jul 30 2011 Ted Felix <http://www.tedfelix.com>
- 2.0.11 release
- Set umask to 0077 for scripts run by acpid. (event.c) (Ted Felix)
Discovered by Helmut Grohne and Michael Biebl.
Already fix in tree, just to track CVE.
Secunia advisory reference:
Thanks, Agostino. GLSA Vote: no.
event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate
umask setting during execution of event-handler scripts, which might allow
local users to (1) perform write operations within directories created by a
script, or (2) read files created by a script, via standard filesystem