Public bug reported: Binary package hint: system-config-printer-gnome
system-config-printer/asyncpk1.py create temporary file with fixed name "foo" under /tmp . testcase : 1) run "python /usr/share/system-config-printer/asyncpk1.py" 2) click on "Go" 3) click on "Get file" Result : /tmp/foo created . the bug can be found at : def get_file_clicked (self, button): self.my_file = file ("/tmp/foo", "w") self.conn.getFile ("/admin/conf/cupsd.conf", file=self.my_file, reply_handler=self.got_file, error_handler=self.get_file_error) fix : use mkstemp alike functionality. ** Affects: system-config-printer (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/793533 Title: Insecure temporary file creation in asyncpk1.py -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs