Source: lp-solve
Version: 5.5.0.15-4
Severity: important
Tags: security
User: helm...@debian.org
Usertags: rebootstrap

Building the lp-solve package exposes users to a predictable /tmp file vulnerability. debian/rules runs lpsolve55/ccc. That script hard codes /tmp/platform.c. By setting up a carefully crafted symbolic link, an attacker on the same machine can gain the privileges of the user running an lp-solve build.

I did not request a CVE for this issue.

Helmut
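
The file-handling pattern this report describes, next to a hardened form, as an added example that is not code from the lp-solve package or from the report. The function names and file contents are hypothetical, and the shared directory is a stand-in for /tmp created inside a private scratch directory.

```shell
#!/bin/sh
# Added example; names and file contents are hypothetical, not lp-solve's.

# Pattern from the report: a fixed, guessable file name in a shared directory.
# $1 stands in for /tmp so the demo stays inside a scratch directory.
write_fixed() {
    shared=$1
    # The redirection follows a symlink that already exists at this path.
    echo 'int main(void){return 0;}' > "$shared/platform.c"
}

# Hardened pattern: work inside a directory that mktemp creates with an
# unpredictable name and mode 0700, so no pre-placed link can sit in the way.
write_private() {
    shared=$1
    work=$(mktemp -d "$shared/platform.XXXXXX") || return 1
    echo 'int main(void){return 0;}' > "$work/platform.c"
    echo "$work"    # the caller removes this directory when the build is done
}

# Constructed scenario: a link named platform.c already points at another
# file. Prints that file's content after the chosen writer has run.
demo() {
    mode=$1
    scratch=$(mktemp -d) || return 1
    echo 'precious' > "$scratch/victim"
    mkdir "$scratch/shared"
    ln -s "$scratch/victim" "$scratch/shared/platform.c"
    if [ "$mode" = fixed ]; then
        write_fixed "$scratch/shared"
    else
        write_private "$scratch/shared" > /dev/null
    fi
    cat "$scratch/victim"
    rm -rf "$scratch"
}
```

`demo fixed` shows the linked file overwritten with the generated source, while `demo private` leaves it untouched.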