Re: Accepted blender 2.42a-5etch1 (source i386)

To: Florian Ernst <florian@debian.org>, debian-release@lists.debian.org
Cc: jmm@inutil.org
Subject: Re: Accepted blender 2.42a-5etch1 (source i386)
From: Steve Langasek <vorlon@debian.org>
Date: Wed, 28 Mar 2007 04:03:09 -0700
Message-id: <[🔎] 20070328110309.GG7027@borges.dodds.net>
Mail-followup-to: Florian Ernst <florian@debian.org>, debian-release@lists.debian.org, jmm@inutil.org
In-reply-to: <E1HWVgG-0003PB-3j@ries.debian.org>
References: <E1HWVgG-0003PB-3j@ries.debian.org>

On Wed, Mar 28, 2007 at 10:47:04AM +0000, Florian Ernst wrote:
>  blender (2.42a-5etch1) testing-proposed-updates; urgency=high
>  .
>    * Upload to t-p-u after talking to the security team
>    * Security: No longer ship the kmz_ImportWithMesh.py script since it allows
>      user-assisted remote attackers to execute arbitrary Python code by
>      importing a crafted (1) KML or (2) KMZ file [CVE-2007-1253].

Uhm?  I just saw Moritz quoted as saying:

> The change in question would warrant a DSA, so I'm quite sure it will
> get accepted if it only contains the change below. It's easily reviewable
> and fixes a genuine security problem.

If it warrants a DSA, why was this not uploaded to testing-security instead
of testing-proposed-updates?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Reply to:

Follow-Ups:
- Re: Accepted blender 2.42a-5etch1 (source i386)
  - From: Florian Ernst <florian_ernst@gmx.net>

Prev by Date: Re: [Secure-testing-team] CVE-2007-1253: blender: eval injection vulnerability in kmz_ImportWithMesh.py
Next by Date: Re: Priority of libsasl2 in etch
Previous by thread: Re: [Secure-testing-team] CVE-2007-1253: blender: eval injection vulnerability in kmz_ImportWithMesh.py
Next by thread: Re: Accepted blender 2.42a-5etch1 (source i386)
Index(es):
- Date
- Thread