possibly-insecure-handling-of-tmp-files-in-maintainer-script
The named maintainer script appears to access a file or a directory in
/tmp or a similar folder for temporary data. Working directly in such
folders, which are usually world-writable, can easily lead to serious security or
privacy bugs.
Please consider using the mktemp utility from the coreutils
package when creating temporary files or directories.
| Severity: | warning |
| Experimental: | false |
See also
Scripts (Section 10.4) in the Debian Policy Manual
- list of all the affected packages
- the source of this tag