Recently, Trustix Secure Linux discovered some vulnerabilities in the
gettext package. The programs “autopoint” and “gettextize” created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.