Package: gource Version: 0.26-1 Severity: grave Tags: security Gource logs to a file named /tmp/gource-$UID.tmp (see src/commitlog.cpp line 231 ff.), enabling malicious co-users to overwrite an arbitrary file via a symlink attack.
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
