Package: src:ace
Version: 6.2.7+dfsg-1
Severity: grave
Tags: security

bin/generate_doxygen.pl line 177 says:

| my $output = "/tmp/".$i.".".$$.".doxygen";

The filename used is predictable and thus allows elevating privileges to
the user running the build.

Unless there is an independent discovery, this is the initial public
disclosure of this vulnerability.

Helmut
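
An added example, not code from the ACE sources or from the report above: one way to replace the predictable name quoted from line 177 with `File::Temp`, which picks a random name component and creates the file with `O_EXCL` and mode 0600. The helper name `open_doxygen_scratch` and the sample value of `$i` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Pattern quoted in the report, kept here only for comparison:
#   my $output = "/tmp/".$i.".".$$.".doxygen";
# $i and the PID ($$) are both guessable, and a plain open(..., '>', $output)
# does not use O_EXCL, so it reuses whatever already exists at that path.

# Hypothetical helper: returns an open handle and the path of a scratch file
# that did not exist before this call.
sub open_doxygen_scratch {
    my ($tag) = @_;

    # Keep the tag readable in the name, but never let it add path components.
    (my $safe = $tag) =~ s/[^A-Za-z0-9_.-]/_/g;

    my ($fh, $path) = tempfile(
        "$safe.XXXXXXXXXX",      # trailing X's are replaced with random characters
        SUFFIX => '.doxygen',
        TMPDIR => 1,             # honour $TMPDIR, fall back to the system default
        UNLINK => 1,             # remove the file when the program exits
    );
    return ($fh, $path);
}

my $i = 'ace';                   # constructed sample value
my ($fh, $output) = open_doxygen_scratch($i);

# Write through the handle returned by tempfile(); do not reopen by name.
print {$fh} "# constructed sample content\n";
close($fh) or die "close $output: $!";

# The path can now be handed to another program; show what was created.
my @st = stat($output) or die "stat $output: $!";
printf "%s mode=%04o\n", $output, $st[2] & 07777;
```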

