package burn
retitle 542750 burn: should use ‘subprocess’ module for secure child process interaction
thanks

On 19-Aug-2009, Philipp Weis wrote:
> I just discovered that burn has trouble with quotation marks in file
> names, and on a closer inspection it seems as if this actually has
> security implications. I attached a tiny patch that fixes three of
> the quotation problems, but there seem to be more issues like this
> in the code, and I don't have the time right now to look closely at
> all of them.

Acting as upstream developer for the program, I have prepared a new
version that (among other changes) uses the ‘subprocess’ module, and
its sanitised argument handling, for all child process interactions.

This could have unforeseen effects. Could you please test the upstream
0.4.5 version from <URL:http://pypi.python.org/pypi/burn/0.4.5> and
make sure it works for all your use cases?

-- 
 \       “Try to learn something about everything and everything about |
  `\                                  something.” —Thomas Henry Huxley |
_o__)                                                                  |
Ben Finney <b...@benfinney.id.au>

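The difference between pasting a file name into a shell string and handing ‘subprocess’ an argument list, as an added example that is not taken from the message or from burn's code. The file names are constructed, `tool` and `--input` are hypothetical, and `shlex.split` stands in for how a POSIX shell would tokenise the interpolated string.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample file names (not from the bug report).
SAMPLE_NAMES = ['plain.iso', 'my "best of" mix.iso', '5" disc.iso']

# Child process that reports the arguments it actually received, as JSON.
ECHO_CHILD = "import sys, json; print(json.dumps(sys.argv[1:]))"


def naive_command_line(name):
    """Assumed old pattern: wrap the name in double quotes inside a shell string.
    'tool' and '--input' are hypothetical placeholders."""
    return 'tool --input "%s"' % name


def shell_view(command_line):
    """Words a POSIX shell would split the string into, or None when the
    quoting is unbalanced and the shell would reject or mis-read the line."""
    try:
        return shlex.split(command_line)
    except ValueError:
        return None


def argv_received(name):
    """Pass the name as one list element: no shell parses it, so the child
    sees it byte for byte as a single argument."""
    result = subprocess.run(
        [sys.executable, "-c", ECHO_CHILD, "--input", name],
        capture_output=True, text=True, check=True,
    )
    return json.loads(result.stdout)


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print("file name      :", repr(name))
        print("  shell string :", shell_view(naive_command_line(name)))
        print("  argv list    :", argv_received(name))
```

With the interpolated string, a name containing double quotes is split into several words or leaves the line unparseable; with the list form, the child receives the name unchanged in every case.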