Re: Accepted blender 2.42a-5etch1 (source i386)
On Wed, Mar 28, 2007 at 10:47:04AM +0000, Florian Ernst wrote:
> blender (2.42a-5etch1) testing-proposed-updates; urgency=high
> .
> * Upload to t-p-u after talking to the security team
> * Security: No longer ship the kmz_ImportWithMesh.py script since it allows
> user-assisted remote attackers to execute arbitrary Python code by
> importing a crafted (1) KML or (2) KMZ file [CVE-2007-1253].
Uhm? I just saw Moritz quoted as saying:
> The change in question would warrant a DSA, so I'm quite sure it will
> get accepted if it only contains the change below. It's easily reviewable
> and fixes a genuine security problem.
If it warrants a DSA, why was this not uploaded to testing-security instead
of testing-proposed-updates?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: