Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and previous versions allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.
Vulmon