Comment 19 for bug 2044373

Thank you @fossfreedom and everyone involved in addressing these issues \o/

Patches and CVEs are released so I am making this issue public.

I re-assessed all CVEs to the same CVSS. I also removed the suggested mitigation text and user-specific text in the CVE metadata--many applications have access to /tmp/ in addition to other user accounts.

If the reporter for the first two CVEs is added to GHSA, I can update the CVE metadata to attribute them.