Package: tribler Version: 6.2.0+git20130731.149555fa-2 Tags: security The script /usr/bin/tribler redirects its output to /tmp/$USER-tribler.log. If an attacker creates a symlink with this name pointing to one of the user's files, this file would be overwritten.
The safe way to create a file in a world-writable directory like /tmp is mktemp(1). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org