
Accepted blender 2.36-1sarge1 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Dec 2005 09:50:02 +0000
Source: blender
Binary: blender
Architecture: source i386
Version: 2.36-1sarge1
Distribution: stable-security
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description: 
 blender    - Very fast and versatile 3D modeller/renderer
Closes: 330895 344398
Changes: 
 blender (2.36-1sarge1) stable-security; urgency=high
 .
   * Non-maintainer upload by The Security Team.
   * patch release/scripts/bvh_import.py to use float instead of eval by
     adding 03_fix_arbitrary_code_execution_in_bvh_import.py.dpatch,
     thus preventing arbitrary code execution when importing a .bvh file;
     this fix differs from the changes in
     <http://projects.blender.org/viewcvs/viewcvs.cgi/blender/release/scripts/bvh_import.py.diff?r1=1.4&r2=1.5&cvsroot=bf-blender>
     in that it doesn't provide the new checks introduced therein;
     for reference, this is CVE-2005-3302 - closes: #330895
   * patch source/blender/blenloader/intern/readfile.c to fix BlenLoader
     Integer Overflow by adding 04_fix_integer_overflow_in_readfile.c.dpatch,
     thus preventing potential code execution via a heap overflow;
     for reference, this is CVE-2005-4470 - closes: #344398
Files: 
 8d4a7880a3b1c0d1c2c2b7d67b1111c7 748 graphics optional blender_2.36-1sarge1.dsc
 8e2237c86b12e6061935632495aec875 6912828 graphics optional blender_2.36.orig.tar.gz
 1731a5fd58dfbf6eacb4f2760be9dd27 13747 graphics optional blender_2.36-1sarge1.diff.gz
 a263f52ac839648cee6e870b3d7e451e 4142046 graphics optional blender_2.36-1sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDq85mwM/Gs81MDZ0RAuLDAKCzE8PbGNBGQbh4VOOfSknT1aCcNgCffVQY
2Fs23Oab6r/KqlpBTCjw7ec=
=fDYN
-----END PGP SIGNATURE-----


Accepted:
blender_2.36-1sarge1.diff.gz
  to pool/main/b/blender/blender_2.36-1sarge1.diff.gz
blender_2.36-1sarge1.dsc
  to pool/main/b/blender/blender_2.36-1sarge1.dsc
blender_2.36-1sarge1_i386.deb
  to pool/main/b/blender/blender_2.36-1sarge1_i386.deb
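
The eval-to-float change that the changelog names for bvh_import.py, shown as an added example; this is not the Debian dpatch or Blender's own code. The function names, the simplified MOTION layout and the sample data are assumptions constructed for illustration.

```python
import math

# Constructed sample of a BVH MOTION section. The second frame carries an
# expression where a channel value belongs (harmless here: plain arithmetic).
SAMPLE_MOTION = """MOTION
Frames: 2
Frame Time: 0.0333
0.0 9.5 -1.25 1e-3
0.0 9.5 2**10 0.0
"""

def parse_value_unsafe(token):
    """Pre-fix pattern: eval() executes whatever expression the file holds."""
    return eval(token)

def parse_value_safe(token):
    """Post-fix pattern: float() accepts a numeric literal and nothing else."""
    value = float(token)  # ValueError for any non-numeric token
    # Extra check, not described on the page: float() also accepts nan/inf.
    if not math.isfinite(value):
        raise ValueError("non-finite channel value %r" % token)
    return value

def parse_motion(text, parse_value):
    """Return the frames of a MOTION section as lists of channel values."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != "MOTION" or not lines[1].startswith("Frames:"):
        raise ValueError("not a BVH MOTION section")
    rows = lines[3:]
    if int(lines[1].split(":", 1)[1]) != len(rows):
        raise ValueError("frame count does not match the Frames: header")
    frames = []
    for number, row in enumerate(rows, start=1):
        try:
            frames.append([parse_value(tok) for tok in row.split()])
        except ValueError as exc:
            raise ValueError("frame %d rejected: %s" % (number, exc)) from None
    return frames

if __name__ == "__main__":
    print("eval :", parse_motion(SAMPLE_MOTION, parse_value_unsafe))
    try:
        parse_motion(SAMPLE_MOTION, parse_value_safe)
    except ValueError as exc:
        print("float:", exc)
```

With eval the file's content is computed rather than read, so the import succeeds with a value the file never literally contained; with float the same file is rejected at the offending frame.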


