Package: axiom
Version: 20100701-1.1
Severity: important
Tags: security

Dear Maintainer,

Your package contains a funny tmp file vulnerability.

$ grep 'tempfile).' -r .
./debian/axiom-test.sh:k=$(tempfile).input
$

This is wrong. It creates a secure tempfile, but doesn't use it and
instead generates a (now) predictable(!) name without opening it in a
safe (O_CREAT) way.

Helmut


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to