Funny I have to be notified by a security-related mailing list that Securityfocus has added this to their database (BID-14496) [1]
I guess they found out because of the following mail
http://www.winehq.org/hypermail/wine-cvs/2005/08/0181.html
which points to
http://cvs.winehq.org/patch.py?id=19421

A few comments on the bug "fix" from the Wine developer and why it's wrong:

1.- It does not check the exit status of mktemp and goes on even if it does not succeed (and, no, winelauncher does not use 'set -e')

2.- It hardcodes /tmp, if the user has $TMPDIR set it will not be honored (that's why I used the '-t' switch)

He does fix one thing I didn't and that's the removal of $MGSFILE after it's sent to stdout, please add that to the patch I provided.

CCing the wine developer who committed the patch in case he wants to fix the fix :-)

Regards

Javier

[1] http://www.securityfocus.com/bid/14496/info
And they don't get my second name right, as usual.
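The three points raised in the message above (check mktemp's exit status, honor $TMPDIR instead of hardcoding /tmp, remove the file once it has been sent to stdout), as an added shell example that is not part of the original mail and is not winelauncher's code. The function name `emit_message` and the `msgfile` template are hypothetical.

```shell
#!/bin/sh
# Added illustration; emit_message and the "msgfile" template are hypothetical
# names, not taken from winelauncher.

# Write a message to a private temporary file, print it, then clean up.
# Returns non-zero and prints nothing on stdout if the file cannot be created.
emit_message() {
    # Honor $TMPDIR when it is set and fall back to /tmp otherwise.
    # An explicit template path is used here instead of the -t switch
    # mentioned in the mail; the intent (respect the user's TMPDIR) is the same.
    # mktemp creates the file itself with an unpredictable name, so a name
    # guessed in advance by another local user is never opened.
    msgfile=$(mktemp "${TMPDIR:-/tmp}/msgfile.XXXXXX") || {
        # Do not carry on with an empty or stale $msgfile: the script does
        # not run under 'set -e', so the failure must be handled explicitly.
        echo "emit_message: cannot create temporary file" >&2
        return 1
    }

    printf '%s\n' "$1" > "$msgfile"
    cat "$msgfile"

    # Remove the file once its contents have gone to stdout.
    rm -f "$msgfile"
}
```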