GLSA-200710-05 : QGit: Insecure temporary file creation
Medium Nessus Plugin ID 26945
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200710-05 (QGit: Insecure temporary file creation).
Raphael Marichez discovered that the DataLoader::doStart() method creates temporary files in an insecure manner and executes them.
A local attacker could perform a symlink attack, possibly overwriting files or executing arbitrary code with the rights of the user running QGit.
There is no known workaround at this time.
Solution
All QGit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/qgit-1.5.7'