Launchpad.net

CVE 2014-2277

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.

See the CVE page on Mitre.org for more details.