id3lib -- insecure temporary file creation

2007-08-20T00:00:00
ID 15EC9123-7061-11DC-B372-001921AB2FA4
Type freebsd
Reporter FreeBSD
Modified 2007-10-01T00:00:00

Description

Debian Bug report log reports:

When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking. This would silently truncate and overwrite an existing $foo.XXXXXX.