See $URL and bug 235770.
Confirmed in version 1.3.0_rc1. File: /usr/bin/asciiview Line 6: rm $file Line 10, 70, 73: Piping output to $file Line 59: mkfifo $file (will probably just fail if already existing, program execution continues anyway)
No patch from Debian yet. This package is maintained-needed.
Created attachment 165209 [details, diff] 02_tmp_creation.patch Debian patched it.
*aview-1.3.0_rc1-r1 (13 Sep 2008) 13 Sep 2008; Robert Buchholz <rbu@gentoo.org> +files/aview-1.3.0_rc1-includes.patch, +files/aview-1.3.0_rc1-tmp_creation.patch, +aview-1.3.0_rc1-r1.ebuild: Non-maintainer bump: Fix insecure temporary file creation in asciiview (bug #235808)
Arches, please test and mark stable: =media-gfx/aview-1.3.0_rc1-r1 Target keywords : "amd64 ppc x86"
amd64 stable
http://www.shatters.net/~claurel/celestia/images/moon-ls-140.pnm <- file to test x86 stable
ppc stable
GLSA decision, voting YES.
YES too, request filed.
GLSA 200812-14, thanks everyone, sorry about the "delay".