feynmf.pl as shipped in dev-tex/feynmf-1.08-r1 creates files in an insecure manner. The attached patch should fix this, and is extracted from the Debian package. Please also check with upstream whether this is included in their repository and coordinate that if necessary.
Created attachment 135305 [details, diff] 52_feynmf-perl-sec-fix
Ulrich, please advise.
It seems to me that calling /bin/tempfile is not the Perl way of doing things. The program should for example use File::Temp and call the tempfile() function. I'm going to provide a new patch.
Created attachment 135319 [details, diff] feynmf-1.08-tempfile.patch Fixed in -r2. New patch attached.
Arch teams, please stabilise dev-tex/feynmf-1.08-r2.
x86 stable
amd64 stable
Vulnerable version 1.08-r1 removed.
Voting YES as it uses a temporary name that is easily determinable by local attackers (process id).
yes too, request filed.
GLSa 200711-32