Package: packagekit Version: 1.0.6-1 Severity: important packagekit creates a /tmp/aptcc directory, to then create a temporary sub-directory with mkdtemp. That seems to entirely miss the point of mkdtemp. Please make the template /tmp/aptccXXXXXX or something like that instead of /tmp/aptcc/XXXXXX. On a related note packagekit seems to ignore the return value of g_mkdir and mkdtemp. (I'm wondering what would be the impact of a user either creating /tmp/aptcc as a file, or as a symlink to some root-owned directory.)
Cheers, Julien
signature.asc
Description: Digital signature
