[Bf-committers] YAML insecurity run amuck

Chad Fraleigh chadf at triularity.org
Tue Feb 19 05:31:43 CET 2013


So with all the discussions about the YAML security hole (that tends
to read more like "Chicken Little" in most blogs), and that it could
affect other languages (like Python) under certain conditions... has
anyone looked at any potential [security] impact for Blender? Also,
since the OpenColorIO lib uses it, it hypothetically might be a
problem too. Currently I'm not sure how Blender deals with Python
scripts embedded in .blend files to prevent the Blender equivalent of
a macro virus, but even if sandboxed, could things like YAML be used
to bypass any protections?

A page that talks about risks in PyYAML:

  http://nedbatchelder.com/blog/201302/war_is_peace.html


-Chad

