package burn
tags 542329 + security confirmed
assign 542329 !
thanks

On 18-Aug-2009, Philipp Weis wrote:
> I just discovered that burn has trouble with quotation marks in file
> names, and on a closer inspection it seems as if this actually has
> security implications.

Thanks for the bug report; you're right that this is a security issue.

> I attached a tiny patch that fixes three of the quotation problems,
> but there seem to be more issues like this in the code, and I don't
> have the time right now to look closely at all of them.

The correct fix for this will be to avoid string concatenation for
constructing command lines, and instead to use the ‘subprocess.Popen’
class for invoking subprocesses.

-- 
 \     “All good things are cheap; all bad are very dear.” —Henry |
  `\                                                David Thoreau |
_o__)                                                             |
Ben Finney <[email protected]>
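Added example, not part of the original message and not burn's own code: it contrasts a command line built by string concatenation with an argument list passed to subprocess.Popen, using a file name that contains quotation marks. The tool name "decoder", the sample file name and all function names are hypothetical.

```python
import shlex
import subprocess
import sys

# Constructed sample: a file name with embedded double quotes (not from the report).
SAMPLE_NAME = 'track" ; echo INJECTED ; "x.mp3'


def concatenated_command(tool, filename):
    """Pattern to avoid: one string, quoted by hand, for a shell to parse."""
    return '%s "%s"' % (tool, filename)


def shell_words(command):
    """Approximate POSIX shell word splitting without executing anything."""
    return shlex.split(command)


def run_with_argv(filename):
    """Pass an argument list to subprocess.Popen, so no shell sees the name."""
    # Stand-in child (assumption): a Python one-liner that writes back argv[1].
    child = "import sys; sys.stdout.write(sys.argv[1])"
    proc = subprocess.Popen([sys.executable, "-c", child, filename],
                            stdout=subprocess.PIPE)
    out, _ = proc.communicate()
    return proc.returncode, out.decode()


if __name__ == "__main__":
    cmd = concatenated_command("decoder", SAMPLE_NAME)  # "decoder" is hypothetical
    print("string handed to a shell:", cmd)
    print("words the shell would see:", shell_words(cmd))
    print("argv[1] received via Popen list:", run_with_argv(SAMPLE_NAME))
```

In the concatenated form the quotes inside the name close the hand-written quoting, so the name is split into several words including `;` separators; in the list form the child receives the name byte for byte as a single argument.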

