SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS). https://github.com/sagemath/sage/pull/35419 https://github.com/sagemath/FlintQS/issues/3
Created flintqs tracking bugs for this issue: Affects: epel-all [bug 2185301] Affects: fedora-all [bug 2185302]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.