From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051216 Fedora/1.5-3 Firefox/1.5 Description of problem: The f-spot wrapper script in /usr/bin attempts to run f-spot.exe from the current working directory. This can lead into problems when launching f-spot from for example /tmp where another user might have created a fake f-spot.exe file. Version-Release number of selected component (if applicable): f-spot-0.1.5-1 How reproducible: Always Steps to Reproduce: 1. cd /tmp 2. touch f-spot.exe Makefile Defines.cs 3. f-spot Actual Results: *** Running uninstalled f-spot *** cannot open assembly ./f-spot.exe Additional info:
*** Bug 177676 has been marked as a duplicate of this bug. ***
This has been filed as http://bugzilla.gnome.org/show_bug.cgi?id=328909
Flipping security flag, as this is a security issue...
should be fixed in rawhide, now.