diff -up foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 foomatic-filters-4.0.8/foomaticrip.c
--- foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 2011-08-18 16:27:57.277636643 +0100
+++ foomatic-filters-4.0.8/foomaticrip.c 2011-08-18 16:33:37.680136675 +0100
@@ -1188,9 +1188,13 @@ int main(int argc, char** argv)
 if (arglist_remove_flag(arglist, "--debug"))
 debug = 1;
- if (debug)
- logh = fopen(LOG_FILE ".log", "w"); /* insecure, use for debugging only */
- else if (quiet && !verbose)
+ if (debug) {
+ int fd = mkstemp (LOG_FILE "-XXXXXX.log");
+ if (fd != -1)
+ logh = fdopen(fd, "w");
+ else
+ logh = stderr;
+ } else if (quiet && !verbose)
 logh = NULL; /* Quiet mode, do not log */
 else
 logh = stderr; /* Default: log to stderr */
diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 foomatic-filters-4.0.8/renderer.c
--- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 2011-07-25 10:50:57.000000000 +0100
+++ foomatic-filters-4.0.8/renderer.c 2011-08-18 14:36:14.120153309 +0100
@@ -434,7 +434,7 @@ int exec_kid3(FILE *in, FILE *out, void
 }
 /* Save the data supposed to be fed into the renderer also into a file*/
- dstrprepend(commandline, "tee -a " LOG_FILE ".ps | ( ");
+ dstrprepend(commandline, "tee $(mktemp " LOG_FILE "-XXXXXX.ps) | ( ");
 dstrcat(commandline, ")");
 }
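Review bot: In the foomaticrip.c hunk, the added `mkstemp (LOG_FILE "-XXXXXX.log")` cannot create the log file as written: mkstemp() requires the template to end in the six `X` placeholders and overwrites them in place, but this template ends in `.log` and is a string literal. The call will normally fail with EINVAL, so `--debug` silently logs to stderr instead of a file, and a libc that wrote to the template first would be modifying a literal, which is undefined behaviour. Pass a writable array that ends in the placeholder: `char logname[] = LOG_FILE "-log-XXXXXX";` then `int fd = mkstemp(logname);`. If `fdopen()` returns NULL the descriptor is leaked and `logh` is left NULL, so close `fd` and fall back to stderr on that path as well. main's body starts and ends outside the hunk.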
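Review bot: In the renderer.c hunk, the new `tee $(mktemp ...)` does not cope with mktemp(1) failing: the substitution then expands to nothing, tee runs with no file argument, and the debug copy of the job data is lost without anything in the log saying so. A failure is plausible on systems whose mktemp(1) does not accept text after the `X` run (worth confirming for the supported platforms), so a template that ends in the placeholder is safer, and quoting the substitution keeps the name a single word and makes tee report an empty name: `dstrprepend(commandline, "tee \"$(mktemp " LOG_FILE "-ps-XXXXXX)\" | ( ");`. The comment above the call should also state that each job now gets its own randomly named file instead of appending to one `.ps` file, since the hunk does not record the generated name anywhere. exec_kid3 starts outside the hunk.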