The example script was corrected in v2.4, and no occurrences of either 'mktemp' nor '/tmp' come un in v3.0.3. However the vulnerability is still present in v1.38.11-8 (etch), in at least all of the autochangers example scripts.
Upgrading to critical, since this vuln can compromise a whole system if these old scripts are used. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org