Re: Advice how to handle blender

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Advice how to handle blender
From: "Matteo F. Vescovi" <mfv@debian.org>
Date: Fri, 11 May 2018 15:30:16 +0200
Message-id: <[🔎] CAKEqywm+ryOmc8xQqVNJwksAQBV3ZWYHP6SyWgCWBDk5qjgCnw@mail.gmail.com>
In-reply-to: <[🔎] CABY6=0=rbMqx2q_J7JYNxbyGDOTbtV+hhRtjaU+X1TEtutLyyw@mail.gmail.com>
References: <[🔎] CABY6=0=rbMqx2q_J7JYNxbyGDOTbtV+hhRtjaU+X1TEtutLyyw@mail.gmail.com>

Hi Ola!

On Fri, May 11, 2018 at 11:34 AM, Ola Lundqvist <ola@inguza.com> wrote:
> Hi all
>
> Summary:
> Fact: Blender is vulnerable and the vulnerability is possible code execution
> Question 1: Should we bother about updating blender in wheezy (considering
> the likelyhood of exploit, see below)?

[...]

Following a specific request from Security Team member Moritz (jmm), I
started working on backporting security fixes for that bunch of open
CVEs you cited for stretch.
On the first mail he sent me on Apr 26, he stated:

- - - >8 - - -
Still, given that it's a fair number of open issues, should we fix
at least stretch-security? It's probably fine to ignore jessie, I doubt
anyone is doing modelling with such an old version at this point (and
jessie is EOL pretty soon anyway).
- - - >8 - - -

Stretch is in my TODO list, indeed.
Jessie and wheezy could be ingnored.

Hope this helps.

Cheers.

-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

Reply to:

Follow-Ups:
- Re: Advice how to handle blender
  - From: Ola Lundqvist <ola@inguza.com>

References:
- Advice how to handle blender
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: Wheezy update of libmad?
Next by Date: Re: Advice how to handle blender
Previous by thread: Advice how to handle blender
Next by thread: Re: Advice how to handle blender
Index(es):
- Date
- Thread