-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 27 Oct 2008 06:44:20 +0100 Source: blender Binary: blender Architecture: source amd64 Version: 2.46+dfsg-5 Distribution: unstable Urgency: high Maintainer: Cyril Brulebois <kibi@debian.org> Changed-By: Cyril Brulebois <kibi@debian.org> Description: blender - Very fast and versatile 3D modeller/renderer Closes: 503632 Changes: blender (2.46+dfsg-5) unstable; urgency=high . * Include patch by James Vega (thanks!) to fix security bug: Blender's BPY_interface was calling PySys_SetArgv so that sys.path was prepended with an empty string, resulting in possible arbitrary code execution, when the working directory contains a file named like one that Blender's python scripts try to import (Closes: #503632). That patch removes empty elements from sys.path: - debian/patches/01_sanitize_sys.path * Urgency set to “high” accordingly. Checksums-Sha1: 74e9f994361ab5c73145a26fa0cf54384de71d76 1501 blender_2.46+dfsg-5.dsc bacba55594836883fe92f3d7a94cebe8977e495c 29665 blender_2.46+dfsg-5.diff.gz 68e935dc9ace11fd146a8e163684b5804b0595d6 8799234 blender_2.46+dfsg-5_amd64.deb Checksums-Sha256: afe335f5837a3aa5b3289f1220f52eb9030896a5c15ffef1dc4564f5ab4c14dd 1501 blender_2.46+dfsg-5.dsc edb85122f70babf146ce12f46367d302a3be944646318a5a4cb0978ea8e6fef0 29665 blender_2.46+dfsg-5.diff.gz 649f0df0faddedf8ef6d7b0b7e3fe9106d9a8278f98ce562b5fa6ca684d84006 8799234 blender_2.46+dfsg-5_amd64.deb Files: a7be7f9e1145aedd801e10e057fc26e8 1501 graphics optional blender_2.46+dfsg-5.dsc 60e32816f4e1554fe3b21b440c563375 29665 graphics optional blender_2.46+dfsg-5.diff.gz 8b5ef125cf2572d7feccd81e25549437 8799234 graphics optional blender_2.46+dfsg-5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkFXR0ACgkQeGfVPHR5Nd2iXQCfTZH8oyuRmtM5GEQf08Di7AI6 A1MAoLsZpKHRntLLz44aRaW4FNWJVDdV =OrUw -----END PGP SIGNATURE----- Accepted: blender_2.46+dfsg-5.diff.gz to pool/main/b/blender/blender_2.46+dfsg-5.diff.gz blender_2.46+dfsg-5.dsc to pool/main/b/blender/blender_2.46+dfsg-5.dsc blender_2.46+dfsg-5_amd64.deb to pool/main/b/blender/blender_2.46+dfsg-5_amd64.deb