Control: reopen -1 On Tue, 2014-08-05 at 16:02 +0200, Matteo F. Vescovi wrote:
> Today I've contacted upstream developers (via IRC channel on Freenode) > and asked about this long-lasting security bug. > > They pointed me to: > > https://developer.blender.org/rB367722470aa2eada43614cd558f468b4beea851d > > where it's clear that the issue has been fixed with that commit. > > So, I'm (finally) closing this bug report. I'm sorry but this does not resolve the issue, it simply turns the results from an arbitrary file overwrite to a denial of service (prevent other users from autosaving). Saving in /tmp at all is completely the wrong solution. The right thing to do is to either use a random path in $TMPDIR using mkstemp etc or to use somewhere under $HOME, preferably following the XDG basedir spec: http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html -- bye, pabs http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
