Package: minitube
Version: 1.5-1
Severity: serious

Playing "/tmp/minitube-pkern.mp4"

This allows a hostile user to overwrite any file the user controls with
YouTube content. Bad. /tmp is world-writeable and must not be used with
predictable filenames. Instead you need to employ secure temporary file
creation.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages minitube depends on:
ii  dbus-x11                    1.4.16-1
ii  gstreamer0.10-ffmpeg        0.10.12-3
ii  gstreamer0.10-plugins-bad   0.10.22-3
ii  gstreamer0.10-plugins-good  0.10.30-1
ii  gstreamer0.10-x             0.10.35-1
ii  libc6                       2.13-21
ii  libgcc1                     1:4.6.1-4
ii  libphonon4                  4:4.6.0really4.5.0-5
ii  libqt4-dbus                 4:4.7.3-5
ii  libqt4-network              4:4.7.3-5
ii  libqt4-xml                  4:4.7.3-5
ii  libqtcore4                  4:4.7.3-5
ii  libqtgui4                   4:4.7.3-5
ii  libstdc++6                  4.6.1-4
ii  phonon                      4:4.6.0really4.5.0-5
ii  phonon-backend-gstreamer    4:4.6.0really4.5.1-1

minitube recommends no packages.

minitube suggests no packages.

-- no debconf information
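
The difference between the reported pattern and secure temporary file creation, as an added example that is not part of the original report and not minitube's own code. It assumes POSIX; the scratch directory, `important.txt` and the function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fixed name, O_CREAT|O_TRUNC without O_EXCL.
 * Whatever already sits at `path` is followed and truncated. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: mkstemp() replaces the trailing XXXXXX with random characters
 * and opens with O_CREAT|O_EXCL, mode 0600, so nothing pre-existing is reused. */
int open_secure(char *tmpl) {
    return mkstemp(tmpl);
}

/* Constructed scenario inside a private scratch directory: a link to
 * important.txt (7 bytes) already exists at the predictable name.
 * Returns the size of important.txt after the temp file has been opened. */
long size_after(int secure) {
    char dir[] = "/tmp/tmpdemo-XXXXXX", target[64], fixed[64], tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important.txt", dir);
    snprintf(fixed, sizeof fixed, "%s/minitube-user.mp4", dir);
    snprintf(tmpl, sizeof tmpl, "%s/minitube-XXXXXX", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep me", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(target, fixed) != 0) return -1;

    int fd = secure ? open_secure(tmpl) : open_predictable(fixed);
    if (fd < 0) return -1;
    close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;

    if (secure) unlink(tmpl);      /* remove the file mkstemp() created */
    unlink(fixed); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable name: important.txt is %ld bytes\n", size_after(0));
    printf("mkstemp():        important.txt is %ld bytes\n", size_after(1));
    return 0;
}
```

In a Qt application, `QTemporaryFile` provides the same unique, exclusively created file without calling `mkstemp()` directly.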