-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 29 Nov 2008 18:48:10 +0100
Source: blender
Binary: blender
Architecture: source amd64
Version: 2.42a-8
Distribution: stable
Urgency: low
Maintainer: Cyril Brulebois <kibi@debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
 blender - Very fast and versatile 3D modeller/renderer
Closes: 503632
Changes:
 blender (2.42a-8) stable; urgency=low
 .
   * Include patch by James Vega (thanks!) to fix security bug: Blender's
     BPY_interface was calling PySys_SetArgv so that sys.path was
     prepended with an empty string, resulting in possible arbitrary code
     execution, when the working directory contains a file named like one
     that Blender's python scripts try to import (Closes: #503632). That
     patch removes empty elements from sys.path:
      - debian/patches/01_sanitize_sys.path
     This is CVE-2008-4863.
   * Acknowledge previous NMU by the security team, thanks Devin Carraway.
   * Update Maintainer/Uploaders.
Files:
 83034e610697736933ab5bbb1515741c 883 graphics optional blender_2.42a-8.dsc
 c1bc77923cc3c6712adb3b43a1e7d6cf 30192 graphics optional blender_2.42a-8.diff.gz
 26b71cf18193f2fb3169b4983c76064a 6373114 graphics optional blender_2.42a-8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkxm5kACgkQeGfVPHR5Nd3L4wCg0H4sA+a3Y3jxopKPL2EnPXeU
HE4An21CubEk77w80eIUMNz+qMf8kdLt
=siur
-----END PGP SIGNATURE-----


Accepted:
blender_2.42a-8.diff.gz
  to pool/main/b/blender/blender_2.42a-8.diff.gz
blender_2.42a-8.dsc
  to pool/main/b/blender/blender_2.42a-8.dsc
blender_2.42a-8_amd64.deb
  to pool/main/b/blender/blender_2.42a-8_amd64.deb
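
The changelog entry above describes an empty string at the front of sys.path causing imports to resolve from the working directory, and a fix that removes empty elements. The following is an added illustration in Python, not the Debian patch or Blender code; the module name bpy_helper_demo and both directories are constructed for the demonstration, and nothing is actually imported.

```python
import importlib
import importlib.machinery
import os
import tempfile


def sanitize_sys_path(path_entries):
    """Drop empty entries; the import system treats "" as the current directory."""
    return [entry for entry in path_entries if entry != ""]


def resolve_origin(module_name, path_entries):
    """Return the file the module name would load from on this path, or None."""
    importlib.invalidate_caches()
    spec = importlib.machinery.PathFinder.find_spec(module_name, path_entries)
    return spec.origin if spec else None


def demo():
    """Compare resolution with and without the empty entry (constructed scenario).

    Returns (resolved_from_workdir_before, resolved_from_scripts_after).
    """
    name = "bpy_helper_demo"  # hypothetical module name, not a real Blender module
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir, \
            tempfile.TemporaryDirectory() as scripts:
        # Same file name in the working directory and in the scripts directory.
        for directory in (workdir, scripts):
            with open(os.path.join(directory, name + ".py"), "w") as fh:
                fh.write("# constructed sample file\n")
        os.chdir(workdir)
        try:
            unsafe = ["", scripts]  # the state the changelog describes
            before = resolve_origin(name, unsafe)
            after = resolve_origin(name, sanitize_sys_path(unsafe))
        finally:
            os.chdir(old_cwd)

        def parent(path):
            return os.path.dirname(os.path.realpath(path))

        return (parent(before) == os.path.realpath(workdir),
                parent(after) == os.path.realpath(scripts))


if __name__ == "__main__":
    print(demo())
```

An embedding application can apply the same filter to sys.path right after interpreter start-up, before any script imports run.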