From ${URL} : Description Steve Kemp has discovered a security issue in pen, which can be exploited by malicious, local users to manipulate certain data. The security issue is caused due to the application creating the "webfile.html" temporary file in an insecure manner. This can be exploited to manipulate the contents of certain files via symlink attacks. The security issue is confirmed in version 0.21.1. Other versions may also be affected. Solution: No official solution is currently available. Provided and/or discovered by: Steve Kemp Original Advisory: http://openwall.com/lists/oss-security/2014/03/12/14 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
+ 15 Oct 2014; Michael Palimaka <kensington@gentoo.org> +pen-0.25.1.ebuild: + Version bump wrt bug #505168. Should be fine to stabilise.
x86 done.
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
+ 03 Apr 2015; Michael Palimaka <kensington@gentoo.org> -pen-0.20.1.ebuild: + Remove old.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No
GLSA Vote: No