This is fixed in the development branch with commit 174385b8997bdb71da92060787b66a000be14f9b

On Mon, Mar 23, 2020 at 9:39 PM Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: zim
> Version: 0.72.0-1
> Severity: important
> Tags: security upstream
> Control: found -1 0.68-1
> Control: found -1 0.65-4
>
> Hi,
>
> The following vulnerability was published for zim.
>
> CVE-2020-10870[0]:
> | Zim through 0.72.1 creates temporary directories with predictable
> | names. A malicious user could predict and create Zim's temporary
> | directories and prevent other users from being able to start Zim,
> | resulting in a denial of service.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2020-10870
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10870
> [1] https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
>
> Regards,
> Salvatore
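
Added example, not part of the original thread and not Zim's actual fix: one way an application can keep a per-user temporary directory without letting a pre-created path at the predictable name block startup. The names `get_private_tmpdir`, `is_private_dir` and `exampleapp` are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


def is_private_dir(path, uid):
    """True if path is a real directory (not a symlink), owned by uid, mode 0700."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) == 0o700)


def get_private_tmpdir(base, app="exampleapp"):
    """Return a temp directory under base that only the current user controls.

    The predictable per-user name is tried first. If something already exists
    there and it is not a private directory of ours (wrong owner, loose mode,
    symlink, regular file), fall back to a randomly named directory instead
    of refusing to start.
    """
    uid = os.getuid()
    fixed = os.path.join(base, "%s-%d" % (app, uid))
    try:
        os.mkdir(fixed, 0o700)   # atomic: fails if anything already exists
        os.chmod(fixed, 0o700)   # make the mode independent of the umask
        return fixed
    except FileExistsError:
        if is_private_dir(fixed, uid):
            return fixed         # our own directory from an earlier run
    # mkdtemp creates a 0700 directory with an unpredictable suffix
    return tempfile.mkdtemp(prefix="%s-%d-" % (app, uid), dir=base)


if __name__ == "__main__":
    print(get_private_tmpdir(tempfile.gettempdir()))
```
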