From secunia security advisory at $URL:
The weakness is caused due to child processes being able to change the memory type record of the "scoreboard" shared memory segment, which can be exploited to cause an invalid free operation during the shutdown of the parent process.
Fixed in the SVN repository.
Added to existing GLSA request.
For the record: CVE in bug 401081.
This issue was resolved and addressed in
GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml
by GLSA coordinator Tobias Heinlein (keytoaster).