CVE-2010-2449

Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
Source: NIST
CVE-2010-2449