Package: blender
Version: 2.46+dfsg-4
Severity: grave
Tags: security
Justification: user security hole
Usertags: pythonpath
Blender's BPY_interface calls PySys_SetArgv such that Python prepends
sys.path with an empty string. This allows the possibility to run
arbitrary code on the user's system
tag 503632 patch
thanks
On Mon, Oct 27, 2008 at 12:37:12AM -0400, James Vega wrote:
Blender's BPY_interface calls PySys_SetArgv such that Python prepends
sys.path with an empty string. This allows the possibility to run
arbitrary code on the user's system if there is a python file in
Processing commands for [EMAIL PROTECTED]:
tag 503632 patch
Bug#503632: blender: Python scripts load modules from current directory
Tags were: security
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Processing commands for [EMAIL PROTECTED]:
tag 503632 pending
Bug#503632: blender: Python scripts load modules from current directory
Tags were: patch security
Tags added: pending
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
tag 503632 pending
thanks
James Vega [EMAIL PROTECTED] (27/10/2008):
tag 503632 patch
thanks
Thanks for the bug and the patch, will take appropriate measures.
Mraw,
KiBi.
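The behaviour reported at the top of this thread (an empty string at the front of sys.path, which Python resolves to the current working directory), as an added example that is not part of the bug report, the patch, or Blender's code. It flags and strips such entries from a search path and shows the effect on module resolution; the module name, the temporary directory and the two-entry search path are constructed for the illustration.

```python
import importlib
import importlib.machinery
import os
import tempfile


def cwd_entries(path):
    """Return the search-path entries that resolve to the current directory."""
    cwd = os.path.realpath(os.getcwd())
    # '' is the entry the report describes; '.' and the absolute cwd act alike.
    return [p for p in path if p == "" or os.path.realpath(p) == cwd]


def sanitized(path):
    """Copy of path without any entry that resolves to the current directory."""
    flagged = set(cwd_entries(path))
    return [p for p in path if p not in flagged]


def resolve(name, path):
    """Where the import system would find `name` on `path` (nothing is imported)."""
    spec = importlib.machinery.PathFinder.find_spec(name, path)
    return spec.origin if spec else None


def demo():
    name = "constructed_helper_503632"  # hypothetical, harmless module
    stdlib = os.path.dirname(os.__file__)
    embedded = ["", stdlib]  # constructed: search path with '' prepended
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        # Stand-in for a directory the user did not populate themselves.
        with open(os.path.join(workdir, name + ".py"), "w") as fh:
            fh.write("# constructed file, no code\n")
        os.chdir(workdir)
        try:
            importlib.invalidate_caches()
            flagged = cwd_entries(embedded)
            before = resolve(name, embedded)
            after = resolve(name, sanitized(embedded))
        finally:
            os.chdir(old_cwd)
    return flagged, before, after


if __name__ == "__main__":
    print(demo())
```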