Hello,
It was reported that the pear utility insecurely used the /tmp/
directory for cache data. A local attacker could use this flaw to
perform a symbolic link attack against a user (typically the root user)
running a pear command (such as "pear install").
Original report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282
Could a CVE please be assigned?
Thanks,
--
Murray McAllister / Red Hat Product Security
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
