
Re: [Secure-testing-team] CVE-2007-1253: blender: eval injection vulnerability in kmz_ImportWithMesh.py



On Wed, Apr 04, 2007 at 03:42:13PM -0700, Steve Langasek wrote:
> On Thu, Apr 05, 2007 at 12:21:52AM +0200, Florian Ernst wrote:
> > On the other hand, the toolchain is frozen for quite some time and
> > identical both in testing and unstable, and blender_2.42a-6 which is
> > identical code-wise to -5etch1 has built on all archs, including mips
> > and sparc, without any problems.
> 
> Please refresh my memory, is there some reason we don't want to accept -6
> from unstable into etch?

<http://lists.debian.org/debian-release/2007/03/msg00677.html> lists
your reasons. So far I assumed they still apply.

In the light of the recent issues, would you prefer a -7 upload
reverting everything from -6 except for the one-liner to fix
CVE-2007-1253 (thus being identical to -5etch1)?

Cheers,
Flo
