Blender

  1. Bug #6671
  2. Comment #34

Comment 34 for bug 6671

Revision history for this message
In , Tomas (tomas-redhat-bugs) wrote :

Noted in SuSE advisory:

  Since we do not think that Blender is not used in security critical settings
  with network input data we fixed this problem only for future products.

The temporary file issue is not currently fixed in SuSE packages.

Further details regarding this are covered in Ubuntu and Debian bug reports:

https://bugs.launchpad.net/ubuntu/+source/blender/+bug/6671
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167

Problematic files in /tmp are:
- /tmp/quit.blend
- /tmp/0001.jpg, /tmp/0002.jpg, ...

First issue seems to have been fixed in the past in Debian packages, first using
O_EXCL in open(), later replaced with move of temporary directory to user's
$HOME. Debian patches attached in following comments.