Source: qmath3d
Version: 0~1.0-2
Severity: important
Tags: security

debian/rules has:

qbs-setup-toolchains --settings-dir /tmp --detect

This reads files from well-known locations inside /tmp. A malicious user
could place settings files containing a compiler of her choice and thus
take control of the build process, elevating privileges to the build
user.

I think the intention is to ignore the build user's settings. A better
solution for that problem would be creating an empty directory below the
debian directory.

Helmut
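
Added example, not part of the original report and not the package's own code: a shell sketch of the suggested fix, creating a fresh empty settings directory below the build tree and checking that it is private before passing it to `--settings-dir`. The directory name `qbs-settings` and both function names are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: qbs-settings and the function names are hypothetical.

# Return 0 only if DIR is safe to hand to a tool as its settings directory:
# a real directory, owned by us, not writable by group/other, and empty.
settings_dir_is_private() {
    local dir=$1 perms
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory" >&2; return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "$dir: owned by another user" >&2; return 1
    fi
    perms=$(ls -ld -- "$dir" | cut -c1-10)      # e.g. drwxrwxrwt for /tmp
    case $perms in
        d????-??-?) ;;                           # no group/other write bit
        *) echo "$dir: writable by others ($perms)" >&2; return 1 ;;
    esac
    if [ -n "$(ls -A -- "$dir")" ]; then
        echo "$dir: not empty, contents would be read as settings" >&2; return 1
    fi
}

# Create an empty, mode-0700 settings directory below PARENT (for a package
# build: the debian directory) and print its path. mkdir without -p fails if
# the name already exists, so stale or planted content is never reused.
fresh_settings_dir() {
    local parent=$1 dir
    dir=$parent/qbs-settings
    ( umask 077 && mkdir -- "$dir" ) || return 1
    printf '%s\n' "$dir"
}

# Intended use in the build (not executed here, qbs may not be installed):
#   dir=$(fresh_settings_dir debian) && settings_dir_is_private "$dir" &&
#       qbs-setup-toolchains --settings-dir "$dir" --detect
settings_dir_is_private /tmp || echo "refusing /tmp as settings dir" >&2
```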
