Nikolaus Schulz wrote:
Package: libid3-3.8.3c2a
Version: 3.8.3-6
Severity: grave
Tags: security
Justification: user security hole
Hi,
when tagging file $foo, a temporary copy of the file is created, and for some
reason, libid3 doesn't use mkstemp but just creates $foo.XX
Package: libid3-3.8.3c2a
Version: 3.8.3-6
Severity: grave
Tags: security
Justification: user security hole
Hi,
when tagging file $foo, a temporary copy of the file is created, and for some
reason, libid3 doesn't use mkstemp but just creates $foo.XX literally,
without any checking.
This
2 matches
Mail list logo
