Hi, > The attached patch to vorbis.c changes the temporary file naming scheme > to use the name of the Ogg file with ".vgain.tmp" appended.
I'm not a security crack, but to me this sounds like a bad idea as with this we have predictable temporary filenames, which could give an attack vector to an attacker. Wouldn't it make sense to use a secure tmp file name instead? Regards, Patrick
signature.asc
Description: Digital signature
