Package: hplip Version: 3.12.6-3 Tags: security (Please adjust severity as necessary)
Hi, pkit.py seems to create a log file at /tmp/hp-pkservice.log and I believe it is done as root, making it a nice vector for a symlink attack. I only took a quick look at it, so I might be missing something. Could you please confirm the report? Thanks, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAA7hUgEc2cHKYQXHHghOc+0oY7t=vtfs3ose356uvsvezjh...@mail.gmail.com
