diff --git a/blender-2.48a-cve-2008-4863.patch b/blender-2.48a-cve-2008-4863.patch
new file mode 100644
index 0000000..4fa3c6f
--- /dev/null
+++ b/blender-2.48a-cve-2008-4863.patch
@@ -0,0 +1,15 @@
+diff -up blender-2.48a/source/blender/python/BPY_interface.c.cve blender-2.48a/source/blender/python/BPY_interface.c
+--- blender-2.48a/source/blender/python/BPY_interface.c.cve	2008-11-03 17:31:19.000000000 +0100
++++ blender-2.48a/source/blender/python/BPY_interface.c	2008-11-03 17:35:01.000000000 +0100
+@@ -225,6 +225,11 @@ void BPY_start_python( int argc, char **
+ 	Py_Initialize(  );
+ 	
+ 	PySys_SetArgv( argc_copy, argv_copy );
++	
++	/* Sanitize sys.path to prevent relative imports loading modules in
++	   the current working directory */
++	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
++
+ 	/* Initialize thread support (also acquires lock) */
+ 	PyEval_InitThreads();
+ 	
diff --git a/blender.spec b/blender.spec
index 56ed042..5f67d67 100644
--- a/blender.spec
+++ b/blender.spec
@@ -3,7 +3,7 @@
 
 Name:           blender
 Version:        2.48a
-Release: 	3%{?dist}
+Release: 	4%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -30,6 +30,7 @@ Patch1:         blender-2.47-scons.patch
 Patch2:		blender-2.44-bid.patch
 
 Patch100:	blender-2.46rc3-cve-2008-1103-1.patch
+Patch101:	blender-2.48a-cve-2008-4863.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -77,7 +78,8 @@ available.
 %patch1 -p1 -b .org
 %patch2 -p1 -b .bid
 
-%patch100 -p1 -b .cve
+%patch100 -p1
+%patch101 -p1
 
 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
 
@@ -153,6 +155,12 @@ desktop-file-install --vendor fedora                    \
   --add-category X-Fedora                               \
   %{SOURCE4}
 
+#
+# Create empty %%{_libdir}/blender/scripts to claim ownership
+#
+
+install -d ${RPM_BUILD_ROOT}%{_libdir}/blender/scripts
+
 %find_lang %name
 
 %clean
@@ -179,7 +187,13 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
 %{_datadir}/mime/packages/blender.xml
 
 %changelog
+* Mon Nov  3 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-4
+- Fix security issue (#469655, CVE-2008-4863)
+
 * Sun Oct 26 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-3
+- Create %%{_libdir}/blender/scripts/ to claim ownership
+
+* Sun Oct 26 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-1
 - New upstream release
 
 * Wed Oct 15 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48-1