CVE 2017-18925

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.

See the CVE page on Mitre.org for more details.