Launchpad.net

CVE 2014-5260

The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.

See the CVE page on Mitre.org for more details.