Bug#802476: spellintian: tries to read files from ARRAY(0x...)/profiles/debian
Package: lintian
Version: 2.5.38
Severity: minor
Tags: security
$ strace -o '| grep ARRAY' spellintian < /dev/null
stat64("ARRAY(0x89445f8)/profiles/debian/main.profile", 0x8819164) = -1 ENOENT (No such file or directory)
stat64("ARRAY(0x89445f8)/profiles/debian/ftp-master-auto-reject.profile", 0x8819164) = -1 ENOENT (No such file or directory)
Tagging this security, because it means spellintian can't be used
securely when cwd is a world-writable directory, such as /tmp.
--
Jakub Wilk
Reply to: