[Bf-committers] Patch for CVE-2008-4863
Jochen Schmitt
Jochen at herr-schmitt.de
Mon Nov 3 20:24:22 CET 2008
Hello,
relating to the Fedora packaging guidelines, I will forward a patch
which should solve the reported security issue CVE-2008-4863 to you.
Best Regards:
Jochen Schmitt
diff -up blender-2.48a/source/blender/python/BPY_interface.c.cve
blender-2.48a/source/blender/python/BPY_interface.c
- --- blender-2.48a/source/blender/python/BPY_interface.c.cve
2008-11-03 17:31:19.000000000 +0100
+++ blender-2.48a/source/blender/python/BPY_interface.c 2008-11-03
17:35:01.000000000 +0100
@@ -225,6 +225,11 @@ void BPY_start_python( int argc, char **
Py_Initialize( );
PySys_SetArgv( argc_copy, argv_copy );
+
+ /* Sanitize sys.path to prevent relative imports loading
modules in
+ the current working directory */
+ PyRun_SimpleString("import sys; sys.path = filter(None,
sys.path)");
+
/* Initialize thread support (also acquires lock) */
PyEval_InitThreads();
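Review bot: The added PyRun_SimpleString() call in BPY_start_python() ignores its return value, so if the statement fails the empty sys.path entry stays in place and startup carries on with no indication; check for a non-zero result and report it. The expression filter(None, sys.path) also removes only empty-string entries, which is narrower than the comment's "prevent relative imports loading modules in the current working directory": an entry such as "." would survive, so either word the comment to match (dropping the empty entry present after PySys_SetArgv()) or filter other relative entries as well.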