nvclock creates the file /tmp/nvclock insecurely, and then reads from it insecurely.
Malverian, could you handle this bug?
Quick patch will be attached shortly.
Created attachment 123751 [details, diff]
use $HOME/.nvclock instead of /tmp/nvclock
this is CVE-2007-3531
I went ahead and fixed it, as there is no maintainer.
x86: please test and mark stable nvclock-0.7-r2
Okay, we're ready for a glsa vote.
I'm tempted to vote YES, as arbitrary code execution is possible.
tend to say yes here, too.
let's GLSA 200707-08 then