Package: zstd
Version: 1.4.8+dfsg-1
Severity: grave
Tags: security
X-Debbugs-Cc: t...@security.debian.org

The recently applied patch still creates the file with the default umask[0], before chmod'ing down to 0600, so an attacker could still open it in the meantime.

Cheers,
-- 
Seb

[0] https://github.com/facebook/zstd/blob/dev/programs/fileio.c#L682
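
The create-then-chmod window described in the report, next to a form that sets the mode in the creating call, as an added example that is not zstd's code or part of the original report. The function names, file names and the 022 umask are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
static int mode_of(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Pattern from the report: create with the default mode, then chmod.
 * Returns the mode visible between the two calls (the exposure window). */
int create_then_chmod(const char *path) {
    unlink(path);
    FILE *f = fopen(path, "wb");      /* created as 0666 & ~umask */
    if (!f) return -1;
    int window_mode = mode_of(path);  /* what other local users see right now */
    chmod(path, 0600);                /* descriptors opened before this stay valid */
    fclose(f);
    return window_mode;
}

/* Hardened form: the restrictive mode is an argument of the creating open(2),
 * so the file never exists with wider permissions. */
int create_restricted(const char *path) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int first_mode = mode_of(path);   /* mode from the first instant it exists */
    close(fd);
    return first_mode;
}

int main(void) {
    umask(022);  /* common default, assumed for the demo */
    printf("fopen+chmod window: %04o\n", create_then_chmod("demo_a.tmp"));
    printf("open(..., 0600):    %04o\n", create_restricted("demo_b.tmp"));
    unlink("demo_a.tmp");
    unlink("demo_b.tmp");
    return 0;
}
```

File permissions are checked when a file is opened, which is why lowering the mode afterwards does not revoke access already obtained during the window.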