Package: python-eyed3
Version: 0.6.18-1
Severity: important
Tags: security

eyeD3/tag.py contains this code (twice):

    # Open tmp file
    tmpName = tempfile.mktemp();
    tmpFile = file(tmpName, "w+b");

From the tempfile.mktemp() docstring: “This function is unsafe and
should not be used. The file name refers to a file that did not exist at
some point, but by the time you get around to creating it, someone else
may have beaten you to the punch.”
--
Jakub Wilk
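
Added example, not part of the original report and not eyeD3 code: a Python 3 sketch contrasting the reported pattern (open a previously chosen name with "w+b") with tempfile.mkstemp(), which picks the name and creates the file in one exclusive step. The function names, the "tmpname" file and the sample bytes are constructed for illustration.

```python
import os
import tempfile


def open_predictable(path):
    """Pattern from the report: open a name chosen earlier with mode "w+b".

    If someone else created the name in the meantime, it is silently
    reused and truncated.
    """
    return open(path, "w+b")


def open_exclusive(directory=None):
    """Hardened form: mkstemp() creates the file with O_CREAT | O_EXCL and
    mode 0600, so choosing the name and creating it cannot be separated."""
    fd, path = tempfile.mkstemp(dir=directory)
    return os.fdopen(fd, "w+b"), path


def demo():
    """Simulate the race inside a private directory (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        # Stand-in for the name mktemp() would have returned.
        name = os.path.join(workdir, "tmpname")
        # Another party creates that name before we open it.
        with open(name, "wb") as other:
            other.write(b"someone else's data")

        with open_predictable(name) as f:
            f.write(b"tag")
        with open(name, "rb") as f:
            results["predictable_clobbered"] = f.read() == b"tag"

        # An exclusive create on the same pre-existing name is refused.
        try:
            os.close(os.open(name, os.O_CREAT | os.O_EXCL | os.O_RDWR, 0o600))
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True

        tmp, path = open_exclusive(workdir)
        with tmp:
            tmp.write(b"tag")
        results["mode"] = oct(os.stat(path).st_mode & 0o777)
    return results


if __name__ == "__main__":
    print(demo())
```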