Debian: DSA-5784-1: oath-toolkit Security Advisory Updates
Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users’s home directories when using the usersfile feature (allowing to place the OTP state in the home