Bug#605181: python-uno: Use of PYTHONPATH env var in an insecure way
Jakub Wilk performed an analysis for packages setting PYTHONPATH in
an insecure way. Those packages do something like:
This is wrong, because if PYTHONPATH were originally unset or empty,
current working directory would be added to sys.path.
Your package turns out to ship vulnerable examples or contains
insecure advices: you can find a complete log at .
Some guidelines on how to fix these bugs: in the case given above, you
can use something like
(If you don't known this construct, grep for "Use Alternative Value"
in the bash/dash manpage.)
Also, in cases like
PYTHONPATH=$PYTHONPATH:$SPAMDIR exec python $SPAMDIR/spam.py
you shouldn't need to touch PYTHONPATH at all.
Feel free to contact firstname.lastname@example.org in case of