[wix-users] WiX v3.10.2 Important Security Fix Release

Phill Hogland phill.hogland at rimage.com
Fri Jan 22 06:38:30 PST 2016


The 3.10.2 change is to Burn (bundle.exe), and is not related to MSI packages created by the WixToolset to my knowledge. 

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of RonnyS
Sent: Friday, January 22, 2016 7:58 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] WiX v3.10.2 Important Security Fix Release

Are only "Burn" installation of this security problem affected?
Or also single MSI Installation?

2016-01-22 8:49 GMT+01:00 Andreas Buchner <Andreas.Buchner at inloox.com>:

> Rob, thanks for providing these information.
> I´ve created a small application (just opening a WinForm) with and 
> without calling SetDefaultDllDirectories .
> Even if I compile the Application with .Net 4.5.2 I´m getting the same 
> exception when calling SetDefaultDllDirectories in Win7x86 and Win7x64 
> (Server 2008R2 not tested yet).
>
> Does anyone have an idea for a workaround on this? :)
>
> Regards,
> Andreas Buchner
>
>
> -----Ursprüngliche Nachricht-----
> Von: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] Im 
> Auftrag von Rob Mensching
> Gesendet: Freitag, 22. Januar 2016 01:46
> An: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Betreff: Re: [wix-users] WiX v3.10.2 Important Security Fix Release
>
> Andreas,
>
> First, make sure you're running a supported .NET Framework:
> http://blogs.msdn.com/b/dotnet/archive/2015/12/09/support-ending-for-t
> he-net-framework-4-4-5-and-4-5-1.aspx
>
> If the issue still happens in a supported .NET Framework, open a new 
> Connect bug.
>
> Apparently the old Connect bug (listed below) is ignored since it's 
> open against unsupported products.
>
> _____________________________________________________________
>  Short replies here. Complete answers over there:
> http://www.firegiant.com/
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Rob Mensching
> Sent: Thursday, January 21, 2016 11:55 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] WiX v3.10.2 Important Security Fix Release
>
> Looks like a long standing bug in WinForms:
> https://connect.microsoft.com/VisualStudio/feedback/details/806981/add
> dlldirectory-and-setdefaultdlldirectories-causes-crash-in-windows-form
> s-application
>
> _____________________________________________________________
>  Short replies here. Complete answers over there:
> http://www.firegiant.com/
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Andreas Buchner
> Sent: Thursday, January 21, 2016 10:42 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] WiX v3.10.2 Important Security Fix Release
>
> Hi Everyone,
>
> today we upgraded our bootstrapper(s) from 3.10.1.2213 to 3.10.2.2516. 
> The new compiled bootstrapper can´t be started on Win7 and Server 2008 
> operating systems (Vista, Win8.1, Win 10 works). I get the following
> exception:
>
> System.ArgumentException: Font '?' cannot be found.
> bei System.Drawing.FontFamily.GetGdipGenericSansSerif()
>    bei System.Drawing.FontFamily.get_GenericSansSerif()
>    bei System.Drawing.SystemFonts.get_DefaultFont()
>    bei System.Windows.Forms.Control.get_DefaultFont()
>    bei System.Windows.Forms.Control.get_Font()
>    bei System.Windows.Forms.Control.AssignParent(Control value)
>    bei System.Windows.Forms.Control.ControlCollection.Add(Control value)
>    bei System.Windows.Forms.TableLayoutControlCollection.Add(Control
> control, Int32 column, Int32 row)
>    bei .InstallDialog.InitializeComponent()
>
> We double checked this issue to get sure that the only difference is 
> the new version of wix. Can anyone imagine how the new version can 
> cause this issue?
> I´m not sure if the issue is only related to the operating system or a 
> combination of OS and installed .Net framework version.
>
> Thanks in advance!
> Regards,
>
> Andreas Buchner
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/


More information about the wix-users mailing list