Package: audiolink
Severity: normal

/usr/bin/audiolink uses static hardcoded paths to tmpfiles below /tmp.
That is insecure - someone else can manipulate what is fed into the
script.

Use randomly generated files instead. Consider using File::Temp or
similar.

Oh, and while I am at it, avoid mixing command and args in system() -
read `perldoc perlsec`. And consider using DBI also to create the DB.


 - Jonas


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc3-mm3+debianlogo+squashfs
Locale: LANG=da_DK, LC_CTYPE=da_DK (charmap=ANSI_X3.4-1968) (ignored: LC_ALL 
set to C)
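
The following is an added example, not part of the original report and not audiolink's own code: a Perl sketch of the two changes the report asks for, File::Temp in place of a fixed path below /tmp and list-form system() in place of a single command string. The template names, the sample data and the `wc` command are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

# Private scratch directory below $TMPDIR (or /tmp), created with mode 0700
# and removed again when the program exits.
my $dir = tempdir('example.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);

# tempfile() picks an unpredictable name and opens it with O_CREAT|O_EXCL,
# so a file or symlink planted in advance by another local user is never
# opened, and the file is created with mode 0600.
my ($fh, $tmpname) = tempfile('list.XXXXXXXX', DIR => $dir, SUFFIX => '.txt');

# Constructed sample data standing in for whatever the script collects.
print {$fh} "track one.mp3\n", "track two.mp3\n";
close($fh) or die "close $tmpname: $!";

# List-form system(): the program and each argument are separate list
# elements, so no shell parses them and metacharacters in an argument
# cannot turn into extra commands (see perldoc perlsec).
my @cmd = ('wc', '-l', '--', $tmpname);
system(@cmd) == 0 or die "@cmd failed: $?";

# The single-string form the report warns about would be
#   system("wc -l $tmpname");
# which Perl hands to /bin/sh whenever the string contains shell
# metacharacters.
```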

