Accepted blender 2.42a-8 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 29 Nov 2008 18:48:10 +0100
Source: blender
Binary: blender
Architecture: source amd64
Version: 2.42a-8
Distribution: stable
Urgency: low
Maintainer: Cyril Brulebois <kibi@debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
blender - Very fast and versatile 3D modeller/renderer
Closes: 503632
Changes:
blender (2.42a-8) stable; urgency=low
.
* Include patch by James Vega (thanks!) to fix security bug: Blender's
BPY_interface was calling PySys_SetArgv so that sys.path was prepended
with an empty string, resulting in possible arbitrary code execution,
when the working directory contains a file named like one that
Blender's python scripts try to import (Closes: #503632). That patch
removes empty elements from sys.path:
- debian/patches/01_sanitize_sys.path
This is CVE-2008-4863.
* Acknowledge previous NMU by the security team, thanks Devin Carraway.
* Update Maintainer/Uploaders.
Files:
83034e610697736933ab5bbb1515741c 883 graphics optional blender_2.42a-8.dsc
c1bc77923cc3c6712adb3b43a1e7d6cf 30192 graphics optional blender_2.42a-8.diff.gz
26b71cf18193f2fb3169b4983c76064a 6373114 graphics optional blender_2.42a-8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkxm5kACgkQeGfVPHR5Nd3L4wCg0H4sA+a3Y3jxopKPL2EnPXeU
HE4An21CubEk77w80eIUMNz+qMf8kdLt
=siur
-----END PGP SIGNATURE-----
Accepted:
blender_2.42a-8.diff.gz
to pool/main/b/blender/blender_2.42a-8.diff.gz
blender_2.42a-8.dsc
to pool/main/b/blender/blender_2.42a-8.dsc
blender_2.42a-8_amd64.deb
to pool/main/b/blender/blender_2.42a-8_amd64.deb
Reply to: