Dwayne Litzenberger wrote:
> Package: amarok
> Version: 1.4.9.1-2
> Severity: normal
> Tags: security
>
> I looked at the source code and found the following code (in
> amarok/src/magnatunebrowser/magnatunebrowser.cpp). I'm not familiar enough
> with Qt to be sure, but it looks to me like the code creating a temporary
> file insecurely. At minimum, I think this code will break if another user
> has already created /tmp/album_info.xml (thus preventing the current user
> from deleting it).
I my test on Etch Amarok didn't dereference a symlink, so this doesn't
seem like a security problem.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
