Bug#503632: blender: Python scripts load modules from current directory

Package: blender Version: 2.46+dfsg-4 Severity: grave Tags: security Justification: user security hole Usertags: pythonpath Blender's BPY_interface calls PySys_SetArgv such that Python prepends sys.path with an empty string. This allows the possibility to run arbitrary code on the user's system

Bug#503632: blender: Python scripts load modules from current directory

tag 503632 patch thanks On Mon, Oct 27, 2008 at 12:37:12AM -0400, James Vega wrote: Blender's BPY_interface calls PySys_SetArgv such that Python prepends sys.path with an empty string. This allows the possibility to run arbitrary code on the user's system if there is a python file in

Processed: Re: Bug#503632: blender: Python scripts load modules from current directory

Processing commands for [EMAIL PROTECTED]: tag 503632 patch Bug#503632: blender: Python scripts load modules from current directory Tags were: security Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator

Processed: Re: Bug#503632: blender: Python scripts load modules from current directory

Processing commands for [EMAIL PROTECTED]: tag 503632 pending Bug#503632: blender: Python scripts load modules from current directory Tags were: patch security Tags added: pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system

Bug#503632: blender: Python scripts load modules from current directory

tag 503632 pending thanks James Vega [EMAIL PROTECTED] (27/10/2008): tag 503632 patch thanks Thanks for the bug and the patch, will take appropriate measures. Mraw, KiBi. signature.asc Description: Digital signature