From ${URL} :

Murray McAllister from Red Hat Security Response Team discovered that rc creates temporary files in an insecure way:

    $ strace -o '| grep /tmp' ./test-heredoc
    open("/tmp/here217f.0000", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 5
    open("/tmp/here217f.0000", O_RDONLY|O_LARGEFILE) = 5
    moo
    unlink("/tmp/here217f.0000") = 0

As you can see, the filenames are easily predictable, and the O_EXCL flag is missing.

@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
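An added example, not part of the original report or of rc's code: a C program comparing the open() flags seen in the strace output with an exclusive create when the predictable name already exists. The helper names, the scratch directory and the 4-byte target file are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flags and mode from the strace output (O_LARGEFILE omitted): whatever is
 * already at the path, a symlink included, gets opened and truncated. */
static int open_as_traced(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* With O_EXCL the call fails with EEXIST if anything exists at p. */
static int open_exclusive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: the predictable
 * name already exists as a symlink to a 4-byte file. Returns the errno of
 * the exclusive open (-1 on setup failure); *size_after is the target's
 * size after the traced flags were used on the same name. */
static int compare_opens(long *size_after) {
    char dir[] = "/tmp/rc-demo-XXXXXX", target[64], name[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/here217f.0000", dir);
    int fd = open_exclusive(target);
    if (fd < 0 || write(fd, "data", 4) != 4 || symlink(target, name)) return -1;
    close(fd);
    int excl = open_exclusive(name);   /* refused: the name is taken */
    int err = excl < 0 ? errno : 0;
    if (excl >= 0) close(excl);
    fd = open_as_traced(name);         /* follows the link and truncates */
    if (fd >= 0) close(fd);
    *size_after = stat(target, &st) == 0 ? (long)st.st_size : -1L;
    unlink(name); unlink(target); rmdir(dir);
    return err;
}

int main(void) {
    long size_after = -1;
    int err = compare_opens(&size_after);
    printf("O_EXCL open: %s; target size after traced open: %ld\n",
           err == EEXIST ? "EEXIST" : "unexpected", size_after);
    return err == EEXIST && size_after == 0 ? 0 : 1;
}
```

In practice mkstemp() addresses both points the report raises, since it picks an unpredictable name and creates the file with O_EXCL.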
Dead upstream and unpatched security vulnerability. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ebb563e6600c73f5befed25fecf309216971fde
Package removed: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=440bfa1df3474bb8e07c1bb5d489175db966c5eb