Comment 6 for bug 162602

In , Tomas (tomas-redhat-bugs) wrote:

Hugin was reported to create temporary / debug files in an unsafe manner. During
the optimizer run, it creates a debug output file with a pre-defined name:
/tmp/hugin_debug_optim_results.txt . If the file was already created by another user,
hugin gives an error message.

This problem can be abused by a malicious local user to perform a symlink attack
against the user running hugin, which will result in the overwrite of an arbitrary file
writable by the user running hugin with panorama optimizer output.

There does not seem to be any upstream patch at the moment. An updated package was
released for openSuSE, which resolves this problem by disabling creation of the
debug file.
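The attack described in this comment, as an added example that is not part of the bug report or of Hugin's own code: a fixed, world-known name under /tmp is opened with a plain `fopen(path, "w")`, so a symlink planted there by another local user is followed and the link target is truncated and overwritten with the optimizer output. The hardened writer uses `O_CREAT|O_EXCL|O_NOFOLLOW` and refuses anything that already exists at the path; the second fix lets `mkstemp` choose a unique name. The function names, the simulated victim file and the single-user setup (both "attacker" and "victim" are the same uid here, which is enough to show the file-system behaviour) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable pattern (the one the report describes): predictable name,
 * opened for writing with fopen, which follows symlinks and truncates. */
int write_debug_unsafe(const char *path, const char *msg) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(msg, f);
    fclose(f);
    return 0;
}

/* Hardened: O_EXCL refuses a pre-existing entry of any kind (a planted
 * symlink included), O_NOFOLLOW refuses to traverse a symlink at all. On a
 * planted link the open fails with EEXIST (or ELOOP) and nothing is written. */
int write_debug_safe(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;          /* errno tells the caller why */
    int rc = write(fd, msg, strlen(msg)) < 0 ? -1 : 0;
    close(fd);
    return rc;
}

/* Alternative fix: let mkstemp pick a unique name (it uses O_EXCL
 * internally), so an attacker cannot pre-create the path at all.
 * 'template' must end in "XXXXXX" and is overwritten with the real name. */
int write_debug_unique(char *template, const char *msg) {
    int fd = mkstemp(template);
    if (fd < 0) return -1;
    int rc = write(fd, msg, strlen(msg)) < 0 ? -1 : 0;
    close(fd);
    return rc;
}

typedef struct {
    int unsafe_rc;          /* 0: write "succeeded" through the symlink */
    int safe_rc;            /* -1: refused */
    int safe_errno;         /* EEXIST or ELOOP */
    char victim_after[64];  /* victim file contents after the unsafe write */
} attack_result;

/* Constructed scenario: a victim-owned file, a symlink planted at the
 * predictable debug-file name pointing at it, then both writers are tried.
 * Returns 0 on setup success; the outcome is reported through *r. */
int simulate(attack_result *r) {
    char dir[] = "/tmp/hugin_demo_XXXXXX";
    char victim[4096], link[4096];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim_config", dir);
    snprintf(link, sizeof link, "%s/hugin_debug_optim_results.txt", dir);

    FILE *f = fopen(victim, "w");            /* victim's own file */
    if (!f) return -1;
    fputs("original settings\n", f);
    fclose(f);
    if (symlink(victim, link) != 0) return -1;   /* attacker plants link */

    r->unsafe_rc = write_debug_unsafe(link, "optimizer output\n");
    r->safe_rc = write_debug_safe(link, "optimizer output\n");
    r->safe_errno = r->safe_rc ? errno : 0;

    f = fopen(victim, "r");
    if (!f) return -1;
    size_t n = fread(r->victim_after, 1, sizeof r->victim_after - 1, f);
    r->victim_after[n] = '\0';
    fclose(f);

    unlink(link); unlink(victim); rmdir(dir);
    return 0;
}

int main(void) {
    attack_result r;
    if (simulate(&r) != 0) { perror("simulate"); return 1; }
    printf("fopen(\"w\") rc=%d, victim now contains: %s", r.unsafe_rc, r.victim_after);
    printf("O_EXCL|O_NOFOLLOW rc=%d errno=%s\n", r.safe_rc, strerror(r.safe_errno));
    return 0;
}
```

Even with the safe open, a fixed name in a shared /tmp still lets any local user cause a denial of service by pre-creating it (the "error message" the report mentions); a per-user directory, a `mkstemp` name, or simply not writing the file, as the openSuSE update did, avoids that too.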