logilab-common #207562 CVE-2014-1839: temp file issue in shellutils.Execute [validation pending]

class Execute:
"""This is a deadlock safe version of popen2 (no stdin), that returns
an object with errorlevel, out and err.

def __init__(self, command):
outfile = tempfile.mktemp()
errfile = tempfile.mktemp()
self.status = os.system("( %s ) >%s 2>%s" %
(command, outfile, errfile)) >> 8
self.out = open(outfile, "r").read()
self.err = open(errfile, "r").read()

From the tempfile.mktemp() docstring: “This function is unsafe and
should not be used. The file name refers to a file that did not exist at
some point, but by the time you get around to creating it, someone else
may have beaten you to the punch.”

done in0.61.0
load left0.000
closed by#2c4fd6f35674 shellutils: fix tempfile issue in Execute, and deprecate it
patchshellutils: fix tempfile issue in Execute, and deprecate it [applied]