Package: git-extras Version: 1.7.0-1.1 Severity: serious Tags: security
The git-effort utility uses /tmp/.git-effort as the name of its temporary filename. While this already prevents two users from using this utility (due to not cleaning its temporary file) it also allows for targeted symbolic link attacks. No guessing involved. Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
