Jon Dowland wrote: > Package: tracker > Version: 0.6.6-1 > Severity: normal > > /usr/lib/tracker/filters/application/msword_filter uses > '$$' as part of a temporary filename. In fact that's the > only variable part (apart from TMPDIR). >
Could you elaborate why you think the the tempfile creation is insecure. FWIW the filters were written after consulting http://www.linuxsecurity.com/content/view/115462/81/#mozTocId831427 One downside of mktemp -t obviously is, that not all mktemp implementations support it (admittedly that doesn't affect the one in Debian). Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
