Package: git-repair Version: 1.20150106-2 Severity: grave Tags: security Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 git-repair uses /tmp/tmprepo.0/.git/ which is clearly static, and I believe therefore (on non-hardened systems) insecure. - Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWZc+/AAoJECx8MUbBoAEhfMsP/0TcaMfVoWdkFqwY4+4gFjFn 0iRp1AZgNA8pnrgdcnQNFIm6PvarOQZZ6K62cg7OfiuEIyji+u8DV8Pl741TPWr2 cJWaIPMWY5CX9hKRJMikE4JsxtmdNoZ+iXzGj/Mv50jx+SJL2AT1cjTi9kgoq9uE FtyJAv0hooTenuKQzQz54dSiKQFfnVC7IoCYeMm/nPiveE9+CmaGg19IGUoy921Q cXU9cmBk1Qv0aU9ErSa9FZl3mr+Q7+EbN30Qa5LciZMR2PFbG9CdkdWBXia14j3P ZsIlyogcwukqtEu20jh54jaG3n0FnfMFOcvW6bi4RckwcL6FXp2h8U992vY3teCe B/882vP+aNLeRhub+a/p4xUWsq5Z+Sbf1UX4iXT9hZRQ3mRyfwxy44Okh46tFLQe tn7xoj676wPbZhx/j8cdh2S2sXQBTwg7wwRDz0ngM9YA5477sqPf0aoPcG5yRdgp Herfwwblcny5LD868eEM2WuIygX4BRhfzAXPqgQYr46BVU3fUkVJeEwMqt4XKaXd IFV0TG4B+mgTewe1NYQOtmkRIg/6owp9YS/bQq4yhUos5gITzB2vaFVWsAHejFHI K1XInYeBv33vhmnfsnjAc+G1xVJzFZfUHZvjPb9144f/hkMnwQZhXP877qQndQtt k3+PtInTNWBmgAxZEF1x =0nH4 -----END PGP SIGNATURE-----
