Makes use of tempfile.mktemp
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
calibre | Fix Released | Undecided | Unassigned | |
Bug Description
Several modules in src/calibre/
self.__write_to = tempfile.mktemp()
and the self.__write_to is referenced later in process_pict, where it is opened like this --> (line 145)
with open(self.
and data is copied into the file (if it is to be copied)
via -->
copy_obj.
which ends up calling shutil.copyfile which will end up copying the pict.data file to the self.__write_to file location. As self.__write_to may be a symbolic link, this may mean that another user file may be overwritten (e.g. ~/.bashrc).
Fixed in branch lp:calibre. The fix will be in the next release. calibre is usually released every Friday.
status fixreleased
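
The mktemp-then-copy pattern from the bug description beside a tempfile.mkstemp replacement, as an added example that is not calibre's code or the fix that was committed. The function names, file names and the private test directory are assumptions constructed for illustration.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def copy_unsafe(src, dest):
    # Pattern from the report: dest is a name returned by tempfile.mktemp().
    # shutil.copyfile opens dest with a plain open(), which follows symlinks.
    shutil.copyfile(src, dest)


def copy_safe(src, directory=None):
    # mkstemp creates the file itself with O_CREAT|O_EXCL and mode 0600 and
    # returns an open descriptor, so no bare name is reused between steps.
    fd, path = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    return path


def demo():
    # Constructed sample data, confined to a private temporary directory.
    with tempfile.TemporaryDirectory() as d:
        src = Path(d, "pict.data")
        other = Path(d, "other_file")        # stands in for ~/.bashrc
        src.write_bytes(b"picture bytes")
        other.write_bytes(b"original contents")

        name = tempfile.mktemp(dir=d)        # a name only, no file exists yet
        os.symlink(other, name)              # a link appears before the write
        copy_unsafe(src, name)
        unsafe_overwrote = other.read_bytes() == b"picture bytes"

        other.write_bytes(b"original contents")
        safe_path = copy_safe(src, d)
        mode = stat.S_IMODE(os.stat(safe_path).st_mode)
        return {
            "unsafe_overwrote": unsafe_overwrote,
            "other_intact": other.read_bytes() == b"original contents",
            "safe_is_link": os.path.islink(safe_path),
            "safe_private": mode & 0o077 == 0,
            "safe_data": Path(safe_path).read_bytes(),
        }
```

When auditing a code base for the same issue, every tempfile.mktemp call whose result is later passed to open() or shutil.copyfile is a candidate for this replacement.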