Accepted blender 2.36-1sarge1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 23 Dec 2005 09:50:02 +0000
Source: blender
Binary: blender
Architecture: source i386
Version: 2.36-1sarge1
Distribution: stable-security
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description:
blender - Very fast and versatile 3D modeller/renderer
Closes: 330895 344398
Changes:
 blender (2.36-1sarge1) stable-security; urgency=high
 .
   * Non-maintainer upload by The Security Team.
   * patch release/scripts/bvh_import.py to use float instead of eval by
     adding 03_fix_arbitrary_code_execution_in_bvh_import.py.dpatch,
     thus preventing arbitrary code execution when importing a .bvh file;
     this fix differs from the changes in
     <http://projects.blender.org/viewcvs/viewcvs.cgi/blender/release/scripts/bvh_import.py.diff?r1=1.4&r2=1.5&cvsroot=bf-blender>
     in that it doesn't provide the new checks introduced therein;
     for reference, this is CVE-2005-3302 - closes: #330895
   * patch source/blender/blenloader/intern/readfile.c to fix BlenLoader
     Integer Overflow by adding 04_fix_integer_overflow_in_readfile.c.dpatch,
     thus preventing potential code execution via a heap overflow;
     for reference, this is CVE-2005-4470 - closes: #344398
Files:
8d4a7880a3b1c0d1c2c2b7d67b1111c7 748 graphics optional blender_2.36-1sarge1.dsc
8e2237c86b12e6061935632495aec875 6912828 graphics optional blender_2.36.orig.tar.gz
1731a5fd58dfbf6eacb4f2760be9dd27 13747 graphics optional blender_2.36-1sarge1.diff.gz
a263f52ac839648cee6e870b3d7e451e 4142046 graphics optional blender_2.36-1sarge1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDq85mwM/Gs81MDZ0RAuLDAKCzE8PbGNBGQbh4VOOfSknT1aCcNgCffVQY
2Fs23Oab6r/KqlpBTCjw7ec=
=fDYN
-----END PGP SIGNATURE-----
Accepted:
blender_2.36-1sarge1.diff.gz
to pool/main/b/blender/blender_2.36-1sarge1.diff.gz
blender_2.36-1sarge1.dsc
to pool/main/b/blender/blender_2.36-1sarge1.dsc
blender_2.36-1sarge1_i386.deb
to pool/main/b/blender/blender_2.36-1sarge1_i386.deb