[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted blender 2.42a-8 (source amd64)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 29 Nov 2008 18:48:10 +0100
Source: blender
Binary: blender
Architecture: source amd64
Version: 2.42a-8
Distribution: stable
Urgency: low
Maintainer: Cyril Brulebois <kibi@debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 blender    - Very fast and versatile 3D modeller/renderer
Closes: 503632
Changes: 
 blender (2.42a-8) stable; urgency=low
 .
   * Include patch by James Vega (thanks!) to fix security bug: Blender's
     BPY_interface was calling PySys_SetArgv so that sys.path was prepended
     with an empty string, resulting in possible arbitrary code execution,
     when the working directory contains a file named like one that
     Blender's python scripts try to import (Closes: #503632). That patch
     removes empty elements from sys.path:
      - debian/patches/01_sanitize_sys.path
     This is CVE-2008-4863.
   * Acknowledge previous NMU by the security team, thanks Devin Carraway.
   * Update Maintainer/Uploaders.
Files: 
 83034e610697736933ab5bbb1515741c 883 graphics optional blender_2.42a-8.dsc
 c1bc77923cc3c6712adb3b43a1e7d6cf 30192 graphics optional blender_2.42a-8.diff.gz
 26b71cf18193f2fb3169b4983c76064a 6373114 graphics optional blender_2.42a-8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkxm5kACgkQeGfVPHR5Nd3L4wCg0H4sA+a3Y3jxopKPL2EnPXeU
HE4An21CubEk77w80eIUMNz+qMf8kdLt
=siur
-----END PGP SIGNATURE-----


Accepted:
blender_2.42a-8.diff.gz
  to pool/main/b/blender/blender_2.42a-8.diff.gz
blender_2.42a-8.dsc
  to pool/main/b/blender/blender_2.42a-8.dsc
blender_2.42a-8_amd64.deb
  to pool/main/b/blender/blender_2.42a-8_amd64.deb


Reply to: