Package: axiom
Version: 20100701-1.1
Severity: important
Tags: security

Dear Maintainer,

Your package contains a funny tmp file vulnerability.

$ grep 'tempfile).' -r .
./debian/axiom-test.sh:k=$(tempfile).input
$

This is wrong. It creates a secure tempfile, but doesn't use it and instead generates a (now) predictable(!) name without opening it in a safe (O_CREAT) way.

Helmut
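
Added example, not part of the original report or of axiom's packaging: the pattern the report flags next to one hardened form, in shell. mktemp stands in for tempfile, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from axiom's packaging.

# Pattern from the report. mktemp stands in for tempfile so this runs where
# tempfile is not installed. The file at $base is created safely, but the
# script then uses "$base.input", a path nothing has created or reserved.
unsafe_name() (
    base=$(mktemp) || exit 1
    printf '%s\n' "$base.input"
)

# Hardened form: the file lives inside a directory that mktemp -d created
# atomically with mode 0700, so no other user can pre-create entries in it.
safe_input_file() (
    dir=$(mktemp -d) || exit 1
    f="$dir/k.input"
    # noclobber (set -C) makes ">" fail if the path already exists.
    ( set -C; : > "$f" ) 2>/dev/null || exit 1
    printf '%s\n' "$f"
)

# Shows why an unreserved name matters: with a link already sitting at the
# path, a plain ">" writes through it, while noclobber refuses.
# Prints "plain=<followed|refused> noclobber=<followed|refused>".
redirect_behaviour() (
    d=$(mktemp -d) || exit 1
    : > "$d/target"
    ln -s "$d/target" "$d/k.input"   # constructed stand-in for a pre-existing path
    echo data > "$d/k.input"
    if [ -s "$d/target" ]; then plain=followed; else plain=refused; fi
    : > "$d/target"                  # reset the target before the second attempt
    ( set -C; echo data > "$d/k.input" ) 2>/dev/null || :
    if [ -s "$d/target" ]; then nc=followed; else nc=refused; fi
    rm -rf "$d"
    printf 'plain=%s noclobber=%s\n' "$plain" "$nc"
)

redirect_behaviour   # prints: plain=followed noclobber=refused
```

The caller of safe_input_file owns the returned file and should remove its parent directory when done, for example from a trap on EXIT.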