Bug#762230: lilypond: debian/rules sets HOME=/tmp

Source: lilypond Version: 2.18.2-2 Severity: grave Tags: security This package's debian/rules sets HOME set to /tmp in debian/rules. But HOME is supposed to be writable only by trusted users, whereas /tmp is world-writable. For example, python2.7 (which debian/rules indirectly runs) loads

Bug#762230: lilypond: debian/rules sets HOME=/tmp

On Fri, 19 Sep 2014, Jakub Wilk wrote: This package's debian/rules sets HOME set to /tmp in debian/rules. But HOME is supposed to be writable only by trusted users, whereas /tmp is world-writable. For example, python2.7 (which debian/rules indirectly runs) loads code from