CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/block-dev-basename in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary...