I already pushed my version (with the unlink) on the master branch before i saw your version on the debian bugtracker, but it does exactly the same, the only difference is that i'm removing the file inside getSkillname() right after the reading is over and you let getSkillname() finish the parsing of the data it has read.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/607309 Title: vulnerability: rewrite arbitrary user file -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs