possibly-insecure-handling-of-tmp-files-in-maintainer-script

The named maintainer script appears to access a file or a directory in /tmp or a similar folder for temporary data. Working directly in such folders, which are usually world-writable, can easily lead to serious security or privacy bugs.

Please consider using the mktemp utility from the coreutils package when creating temporary files or directories.

For more information please consult:

Scripts (Section 10.4) in the Debian Policy Manual

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.114.0 release tag in our Git repository.

You can find the detection logic for this version at commit fd97859. For merge requests, please use the latest version in the Lintian check maintainer-scripts/temporary-files.

Visibility: warning

The following 13 source packages in the archive triggered the tag 27 times (in any Lintian version).

There were no overrides.