On Tue, Jan 17, 2006 at 11:26:51PM +0100, Stefan Wiens wrote:
>
> I have reported this problem on Tue, 16 Nov 2004, bug ID #281656.
When reporting these bugs please send them to the Security Team, not to the
maintainer. Actually, the bug is not even tagged 'security'. Please see
http://www.debian.org/security/faq#discover
In any case, I reported this to the security team back in october.
> As the qouting of $out_file and $err_file is still insufficient, the
> fix solves #281656 only partially.
Ummm... I have not seen the fix uploaded by the security team, but my patch
did this:
-out_file=$tmp_dir"/antiword.$$.ps"
-err_file=$tmp_dir"/antiword.$$.err"
+out_file=`tempfile -d $tmp_dir` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+err_file=`tempfile -d $tmp_dir` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+# Clean up
+trap " /bin/rm -f -- \"$out_file\" \"$err_file\"" 0 1 2 3 13 15
And removed all other calls to rm so that the temporafy files would be
removed on exit. That does fix the issue you mention in 281656.
Regards
Javier
Attachment:
signature.asc
Description: Digital signature