nvclock creates the file /tmp/nvclock insecurely, and then reads from it insecurely. Malverian, could you handle this bug? Quick patch will be attached shortly.
Created attachment 123751 [details, diff] use $HOME/.nvclock instead of /tmp/nvclock
this is CVE-2007-3531
I went ahead and fixed it, as there is no maintainer. x86: please test and mark stable nvclock-0.7-r2
x86 stable
Okay, we're ready for a glsa vote. I'm tempted to vote YES, as arbitrary code execution is possible.
tend to say yes here, too.
Voting YES.
let's GLSA 200707-08 then