[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice how to handle blender

Hi Ola!

On Fri, May 11, 2018 at 11:34 AM, Ola Lundqvist <ola@inguza.com> wrote:
> Hi all
> Summary:
> Fact: Blender is vulnerable and the vulnerability is possible code execution
> Question 1: Should we bother about updating blender in wheezy (considering
> the likelyhood of exploit, see below)?


Following a specific request from Security Team member Moritz (jmm), I
started working on backporting security fixes for that bunch of open
CVEs you cited for stretch.
On the first mail he sent me on Apr 26, he stated:

- - - >8 - - -
Still, given that it's a fair number of open issues, should we fix
at least stretch-security? It's probably fine to ignore jessie, I doubt
anyone is doing modelling with such an old version at this point (and
jessie is EOL pretty soon anyway).
- - - >8 - - -

Stretch is in my TODO list, indeed.
Jessie and wheezy could be ingnored.

Hope this helps.


Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

Reply to: