Source: libreoffice Version: 1:5.4.0-1 Severity: important Tags: security upstream
Looking at a sample build log (https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=m68k&ver=1%3A5.4.1-1&stamp=1504466495&raw=0) one can see: | ... analyzing package list ... | ... creating log file /tmp/LibreOffice//logging/en-US/log_540_en-US.log | ... creating installation set in /tmp/LibreOffice//install/LibreOffice_5.4.1.2.0_Linux ... | ... removing old installation directories ... What looks like a predictable /tmp path turns out to be one: https://lists.freedesktop.org/archives/libreoffice/2017-August/078249.html Another local user may use this vulnerability to gain privileges of a user who is building libreoffice from source. I did not request a CVE for this issue. Helmut
