Gentoo Linux Security Advisory GLSA 200907-10 – Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited. Florian Grandel reported that Syslog-ng does not call chdir() before chroot() which leads to an inherited file descriptor to the current working directory. Versions less than 2.1.3 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79126/glsa-200907-10.txt
Source: https://packetstormsecurity.com/files/79126/Gentoo-Linux-Security-Advisory-200907-10.html