-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 23 Dec 2005 09:50:02 +0000
Source: blender
Binary: blender
Architecture: source i386
Version: 2.36-1sarge1
Distribution: stable-security
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description:
 blender - Very fast and versatile 3D modeller/renderer
Closes: 330895 344398
Changes:
 blender (2.36-1sarge1) stable-security; urgency=high
 .
   * Non-maintainer upload by The Security Team.
   * patch release/scripts/bvh_import.py to use float instead of eval by
     adding 03_fix_arbitrary_code_execution_in_bvh_import.py.dpatch, thus
     preventing arbitrary code execution when importing a .bvh file; this
     fix differs from the changes in
     <http://projects.blender.org/viewcvs/viewcvs.cgi/blender/release/scripts/bvh_import.py.diff?r1=1.4&r2=1.5&cvsroot=bf-blender>
     in that it doesn't provide the new checks introduced therein; for
     reference, this is CVE-2005-3302 - closes: #330895
   * patch source/blender/blenloader/intern/readfile.c to fix BlenLoader
     Integer Overflow by adding 04_fix_integer_overflow_in_readfile.c.dpatch,
     thus preventing potential code execution via a heap overflow; for
     reference, this is CVE-2005-4470 - closes: #344398
Files:
 8d4a7880a3b1c0d1c2c2b7d67b1111c7 748 graphics optional blender_2.36-1sarge1.dsc
 8e2237c86b12e6061935632495aec875 6912828 graphics optional blender_2.36.orig.tar.gz
 1731a5fd58dfbf6eacb4f2760be9dd27 13747 graphics optional blender_2.36-1sarge1.diff.gz
 a263f52ac839648cee6e870b3d7e451e 4142046 graphics optional blender_2.36-1sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDq85mwM/Gs81MDZ0RAuLDAKCzE8PbGNBGQbh4VOOfSknT1aCcNgCffVQY
2Fs23Oab6r/KqlpBTCjw7ec=
=fDYN
-----END PGP SIGNATURE-----

Accepted:
blender_2.36-1sarge1.diff.gz
  to pool/main/b/blender/blender_2.36-1sarge1.diff.gz
blender_2.36-1sarge1.dsc
  to pool/main/b/blender/blender_2.36-1sarge1.dsc
blender_2.36-1sarge1_i386.deb
  to pool/main/b/blender/blender_2.36-1sarge1_i386.deb