Package: blender
Version: 2.37a-1
Severity: normal
Tags: security

A buffer overflow has been found in the args parsing of blenderplayer. This is a minor security problem, as it would need to trick someone into playing a file with really quite noticeably manipulated file names, but has been assigned CAN-2005-3151 by MITRE anyway. A demo exploit is available at http://www.securiteam.com/exploits/5BP0T2KGVA.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages blender depends on:
ii  gettext [libg  0.14.5-2                    GNU Internationalization utilities
ii  libc6          2.3.5-6                     GNU C Library: Shared libraries an
ii  libfreetype6   2.1.10-1                    FreeType 2 font engine, shared lib
ii  libgcc1        1:4.0.2-2                   GCC support library
ii  libglu1-xorg   6.8.2.dfsg.1-7              Mesa OpenGL utility library [X.Org
ii  libjpeg62      6b-10                       The Independent JPEG Group's JPEG
ii  libpng12-0     1.2.8rel-4                  PNG library - runtime
ii  libsdl1.2debi  1.2.7+1.2.8cvs20041007-5.3  Simple DirectMedia Layer
ii  libstdc++6     4.0.2-2                     The GNU Standard C++ Library v3
ii  libx11-6       6.8.2.dfsg.1-7              X Window System protocol client li
ii  python2.3      2.3.5-8                     An interactive high-level object-o
ii  xlibmesa-gl [  6.8.2.dfsg.1-7              Mesa 3D graphics library [X.Org]
pi  xlibs          6.8.2.dfsg.1-7              X Window System client libraries m
ii  zlib1g         1:1.2.3-4                   compression library - runtime

blender recommends no packages.

-- no debconf information