Bug#751804: tox: runs tests with HOME=/tmp

[If you want to contact the submitter, you need to cc them.] * Barry Warsaw , 2014-06-17, 15:22: Are you reporting a packaging bug or an upstream bug? The former. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Cont

Bug#751804: tox: runs tests with HOME=/tmp

Source: tox Version: 1.6.0-1 Severity: grave Tags: security This package runs tests with HOME set to /tmp. But HOME is supposed to be writable only by trusted users, whereas /tmp is world-writable. Malicious local user could exploit this flaw to execute arbitrary code, by putting a crafted Py