[php-maint] Bug#759282: CVE request: php-pear, pear's insecure /tmp/ use for cache data

[Murray McAllister]

Hello,

It was reported that the pear utility insecurely used the /tmp/ 
directory for cache data. A local attacker could use this flaw to 
perform a symbolic link attack against a user (typically the root user) 
running a pear command (such as "pear install").

Original report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282

Could a CVE please be assigned?

Thanks,

--
Murray McAllister / Red Hat Product Security