I did a quick test with the binary from blender.org: blender-2.42a- linux-glibc232-py24-i386-static, and yes, it seems it does the same thing.
But, the 2.42a binary I downloaded also has a similar vulnerability for /tmp/quit.blend, something that I think was fixed long ago in debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167 I just ran the binary from the unpacked tar file, I did not try to install it in any way. -- insecure file access (breezy, dapper) https://launchpad.net/bugs/6671 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
