[Debian-audit] More temporary filenames/dirs related bugs

From: Javier Fernández-Sanguino Peña <jfs_at_debian.org>
Date: Wed, 29 Dec 2004 12:24:36 +0100

I'm finding more and more of them :-(

#287601: vdradmin: Vdradmin.pl script vulnerable to symlink attacks
(Note: there is probably also a _big_ bug in the vdr daemon since it does
not do any checks when overwriting files)

#287604: astats: Multiple temporary symlink vulnerabilities in the astats script
Boy, how did this get into sarge?

#(no number yet) grass: Multiple vulnerabilities (symlink attacks) due
to improper temporary files use in scripts and source code
Note: This is old code (written in 1997-1999) and it's full of those,
which is most unfortunate since it's very useful for lots of people.

I have automated the process of extracting packages with "/tmp" in them,
and I'm now reviewing the ~9000 reports I've made on packages. A
preliminary review means there are a lot of bugs that still need to be
submitted before this issue is fixed in sarge. Oh boy!

Regards

Javier

Received on Wed Dec 29 2004 - 11:24:46 GMT
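Added example, not part of Javier's message or of any Debian package: a small audit helper in the spirit of the automated "/tmp" search described above. It flags script lines that use a hard-coded path under /tmp unless that line creates the file with mktemp, and runs over two constructed sample scripts (the names, contents and the scan_tmp_usage function are all assumptions made for this example).

```shell
#!/bin/sh
# Added example (not from the message or any Debian package): a small audit
# helper in the spirit of the automated "/tmp" search Javier describes.
# It flags lines of a script that reference a hard-coded path under /tmp
# (or /var/tmp) unless that line creates the file with mktemp, which is the
# usual fix for the symlink races reported here.
set -eu

# Print each suspicious line of $1 as "file:lineno:text" and return 1
# when at least one was found, 0 when the script looks clean.
scan_tmp_usage() {
    file=$1
    hits=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *mktemp*) continue ;;   # created safely: random name, O_EXCL
            */tmp/*)                # predictable name, also matches /var/tmp/
                printf '%s:%d:%s\n' "$file" "$n" "$line"
                hits=$((hits + 1)) ;;
        esac
    done < "$file"
    [ "$hits" -eq 0 ]
}

# Scratch directory for the constructed samples, itself made with mktemp.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample 1: the pattern behind reports like the astats one.
# The name is predictable, so the redirection follows a pre-planted symlink.
cat > "$WORK/bad.sh" <<'EOF'
#!/bin/sh
LOG=/tmp/astats.$$
ls -l > $LOG
echo done >> /tmp/astats.log
EOF

# Constructed sample 2: the same script with the usual fix applied.
cat > "$WORK/good.sh" <<'EOF'
#!/bin/sh
LOG=$(mktemp /tmp/astats.XXXXXX) || exit 1
trap 'rm -f "$LOG"' EXIT
ls -l > "$LOG"
EOF

scan_tmp_usage "$WORK/bad.sh"  || echo "bad.sh: unsafe temporary file use"
scan_tmp_usage "$WORK/good.sh" && echo "good.sh: clean"
```

A match-based check like this only finds the obvious cases; the grass-style C code needs a look for open() without O_EXCL and for tmpnam/mktemp(3) as well.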
