On Tue, Jan 17, 2006 at 11:26:51PM +0100, Stefan Wiens wrote: > > I have reported this problem on Tue, 16 Nov 2004, bug ID #281656. When reporting these bugs please send them to the Security Team, not to the maintainer. Actually, the bug is not even tagged 'security'. Please see http://www.debian.org/security/faq#discover In any case, I reported this to the security team back in october. > As the qouting of $out_file and $err_file is still insufficient, the > fix solves #281656 only partially. Ummm... I have not seen the fix uploaded by the security team, but my patch did this: -out_file=$tmp_dir"/antiword.$$.ps" -err_file=$tmp_dir"/antiword.$$.err" +out_file=`tempfile -d $tmp_dir` || { echo "$0: Cannot create temporary file" >&2; exit 1; } +err_file=`tempfile -d $tmp_dir` || { echo "$0: Cannot create temporary file" >&2; exit 1; } +# Clean up +trap " /bin/rm -f -- \"$out_file\" \"$err_file\"" 0 1 2 3 13 15 And removed all other calls to rm so that the temporafy files would be removed on exit. That does fix the issue you mention in 281656. Regards Javier
Attachment:
signature.asc
Description: Digital signature