Gentoo Linux Security Advisory GLSA 200810-02 - A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories. The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python code using python -c, which includes the current working directory in Python's module search path. For several ebuild functions, Portage did not change the working directory from emerge's working directory. Versions less than 2.1.4.5 are affected.
ce3ad9b7b7e0f9a9677e6d92d0a272c9a7bff74690651769e70257e3910d286e