On Fri, 19 Sep 2014, Jakub Wilk wrote:
> This package's debian/rules sets HOME set to /tmp in debian/rules. But
> HOME is supposed to be writable only by trusted users, whereas /tmp is
> world-writable.
>
> For example, python2.7 (which debian/rules indirectly runs) loads code from
> $HOME/.local/
Source: lilypond
Version: 2.18.2-2
Severity: grave
Tags: security
This package's debian/rules sets HOME set to /tmp in debian/rules. But
HOME is supposed to be writable only by trusted users, whereas /tmp is
world-writable.
For example, python2.7 (which debian/rules indirectly runs) loads cod
2 matches
Mail list logo