Package: gource Version: 0.26-1 Severity: grave Tags: security Gource logs to a file named /tmp/gource-$UID.tmp (see src/commitlog.cpp line 231 ff.), enabling malicious co-users to overwrite an arbitrary file via a symlink attack.
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
