blender - Debian Package Tracker

general

source: blender (main)
version: 3.1.2+dfsg-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Matteo F. Vescovi [DMD]
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.79.b+dfsg0-1~deb9u1
o-o-sec: 2.79.b+dfsg0-1~deb9u1
oldstable: 2.79.b+dfsg0-7
old-bpo: 2.82.a+dfsg-1~bpo10+1
stable: 2.83.5+dfsg-5
unstable: 3.1.2+dfsg-1

versioned links

2.79.b+dfsg0-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.79.b+dfsg0-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.82.a+dfsg-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.83.5+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.1+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

blender (14 bugs: 0, 10, 4, 0)
blender-data (1 bugs: 0, 0, 1, 0)

action needed

3 security issues in stretch high

There are 3 open security issues in stretch.

3 important issues:

CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Created: 2022-02-23 Last update: 2022-04-06 07:05

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Created: 2022-02-23 Last update: 2022-04-06 07:05

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Created: 2022-02-23 Last update: 2022-04-06 07:05

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Created: 2022-02-23 Last update: 2022-04-06 07:05

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Created: 2022-02-23 Last update: 2022-02-26 05:26

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

blender-data could have its dependency on python3 annotated with :any

Created: 2016-09-14 Last update: 2022-05-20 06:34

Depends on packages which need a new maintainer normal

The packages that blender depends on which need a new maintainer are:

libgsm (#1009975)
- Build-Depends: libgsm1-dev

Created: 2022-04-21 Last update: 2022-05-20 06:04

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2022-04-11 Last update: 2022-05-20 05:33

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2021-10-13 21:31

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

blender: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:12

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24

testing migrations

This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openexr transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openvdb transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: embree, opencolorio, openimageio, openvdb
- Migration status for blender (- to 3.1.2+dfsg-1): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
- Issues preventing migration:
- ∙ ∙ missing build on armel
- ∙ ∙ missing build on armhf
- ∙ ∙ missing build on i386
- ∙ ∙ missing build on mipsel
- ∙ ∙ arch:armhf not built yet, autopkgtest delayed there
- ∙ ∙ arch:i386 not built yet, autopkgtest delayed there
- ∙ ∙ Build-Depends(-Arch): blender embree
- ∙ ∙ Build-Depends(-Arch): blender opencolorio
- ∙ ∙ Build-Depends(-Arch): blender openimageio
- ∙ ∙ Build-Depends(-Arch): blender openvdb
- ∙ ∙ Depends: blender embree
- ∙ ∙ Depends: blender openimageio
- ∙ ∙ Depends: blender openvdb
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/blender.html
- ∙ ∙ 44 days old (needed 5 days)
- Not considered

news

[rss feed]

[2022-04-05] Accepted blender 3.1.2+dfsg-1 (source) into unstable (Matteo F. Vescovi)
[2022-03-27] blender REMOVED from testing (Debian testing watch)
[2022-02-20] blender 3.0.1+dfsg-7 MIGRATED to testing (Debian testing watch)
[2022-02-14] Accepted blender 3.0.1+dfsg-7 (source) into unstable (Matteo F. Vescovi)
[2022-02-12] Accepted blender 3.0.1+dfsg-6 (source) into experimental (Matteo F. Vescovi)
[2022-02-09] Accepted blender 3.0.1+dfsg-5 (source) into experimental (Matteo F. Vescovi)
[2022-02-08] Accepted blender 3.0.1+dfsg-4 (source) into experimental (Matteo F. Vescovi)
[2022-02-04] Accepted blender 3.0.1+dfsg-3 (source) into experimental (Matteo F. Vescovi)
[2022-02-03] Accepted blender 3.0.1+dfsg-2 (source) into experimental (Matteo F. Vescovi)
[2022-02-01] Accepted blender 3.0.1+dfsg-1 (source) into experimental (Matteo F. Vescovi)
[2022-01-20] Accepted blender 3.0.0+dfsg-1 (source) into experimental (Matteo F. Vescovi) (signed by: GÃ¼rkan Myczko)
[2021-11-21] blender 2.93.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-11-21] blender 2.93.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-11-15] Accepted blender 2.93.5+dfsg-1 (source) into unstable (Matteo F. Vescovi)
[2021-11-02] blender 2.93.4+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-11-02] blender 2.93.4+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-10-27] Accepted blender 2.93.4+dfsg-2 (source) into unstable (Matteo F. Vescovi)
[2021-09-21] blender 2.93.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-09-06] Accepted blender 2.93.4+dfsg-1 (source) into unstable (Matteo F. Vescovi)
[2021-09-05] blender 2.93.3+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-08-30] Accepted blender 2.93.3+dfsg-3 (source) into unstable (Matteo F. Vescovi)
[2021-08-25] Accepted blender 2.93.3+dfsg-2 (source) into experimental (Matteo F. Vescovi)
[2021-08-20] Accepted blender 2.93.3+dfsg-1 (source) into experimental (Matteo F. Vescovi)
[2021-08-11] Accepted blender 2.93.2+dfsg-5 (source) into experimental (Matteo F. Vescovi)
[2021-08-10] Accepted blender 2.93.2+dfsg-4 (source) into experimental (Matteo F. Vescovi)
[2021-08-09] Accepted blender 2.93.2+dfsg-3 (source) into experimental (Matteo F. Vescovi)
[2021-08-07] Accepted blender 2.93.2+dfsg-2 (source) into experimental (Matteo F. Vescovi)
[2021-08-06] Accepted blender 2.93.2+dfsg-1 (source) into experimental (Matteo F. Vescovi)
[2021-07-03] Accepted blender 2.83.16+dfsg-1 (source) into experimental (Matteo F. Vescovi)
[2021-04-06] Accepted blender 2.83.13+dfsg-1 (source) into experimental (Matteo F. Vescovi)

bugs [bug history graph]

all: 16
RC: 0
I&N: 10
M&W: 6
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 100)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.0.1+dfsg-7
17 bugs