This bug report has now resulted in two CVE identifiers, as discussed here:
http://www.openwall.com/lists/oss-security/2014/08/15/4
CVE-2014-5254 - For all symlink issues.
CVE-2014-5255 - For code execution via the temporary shell script issue.
Steve
--
http://www.steve.org.uk/
