Package: wdiff Version: 0.5-17 Severity: normal Tags: upstream security patch
wdiff uses tmpnam(buf) to generate a temporary file, and fopen(buf, "w+") that name, which is vulnerable to the usual symlink attack. It should use one of the tmpnam alternatives like tmpfile(). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
