Hi Ola!
On Fri, May 11, 2018 at 11:34 AM, Ola Lundqvist <ola@inguza.com> wrote:
> Hi all
>
> Summary:
> Fact: Blender is vulnerable and the vulnerability is possible code execution
> Question 1: Should we bother about updating blender in wheezy (considering
> the likelyhood of exploit, see below)?
[...]
Following a specific request from Security Team member Moritz (jmm), I
started working on backporting security fixes for that bunch of open
CVEs you cited for stretch.
On the first mail he sent me on Apr 26, he stated:
- - - >8 - - -
Still, given that it's a fair number of open issues, should we fix
at least stretch-security? It's probably fine to ignore jessie, I doubt
anyone is doing modelling with such an old version at this point (and
jessie is EOL pretty soon anyway).
- - - >8 - - -
Stretch is in my TODO list, indeed.
Jessie and wheezy could be ingnored.
Hope this helps.
Cheers.
--
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A