[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.44-2ubuntu2.1 --- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.45-4ubuntu1.1 --- blender (2.45-4ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:01:23 +0200 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-hardy" http://launchpadlibrarian.net/21513679/debdiff-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-hardy" http://launchpadlibrarian.net/21513692/build-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-gutsy" http://launchpadlibrarian.net/21513887/debdiff-gutsy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-gutsy" http://launchpadlibrarian.net/21514055/build-gutsy ** Changed in: blender (Ubuntu Gutsy) Status: Confirmed => In Progress ** Changed in: blender (Ubuntu Hardy) Status: Confirmed => In Progress -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Branch linked: lp:ubuntu/dapper-updates/blender ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/blender/gutsy- security ** Branch linked: lp:ubuntu/hardy-updates/blender -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1 ** Changed in: blender (Ubuntu Gutsy) Status: New => Confirmed ** Changed in: blender (Ubuntu Hardy) Status: New => Confirmed ** Changed in: blender (Ubuntu Jaunty) Status: Triaged => Invalid ** Changed in: blender (Ubuntu Intrepid) Status: New => Invalid ** Changed in: blender (Ubuntu Dapper) Status: New => Fix Released ** Changed in: blender (Ubuntu Jaunty) Importance: High => Undecided -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] [NEW] [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: blender CVE-2008-1102 description: "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1102 http://secunia.com/secunia_research/2008-16/advisory/ ** Affects: blender (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1102 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Fix Released => Confirmed -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
SUSE-SR:2008:010 also mentions CVE-2008-1103: »Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."« ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103. ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time. -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Fix Released => Confirmed -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] [NEW] [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: blender CVE-2008-1102 description: "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1102 http://secunia.com/secunia_research/2008-16/advisory/ ** Affects: blender (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1102 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
SUSE-SR:2008:010 also mentions CVE-2008-1103: »Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."« ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103. ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time. -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-hardy" http://launchpadlibrarian.net/21513679/debdiff-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-hardy" http://launchpadlibrarian.net/21513692/build-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-gutsy" http://launchpadlibrarian.net/21513887/debdiff-gutsy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-gutsy" http://launchpadlibrarian.net/21514055/build-gutsy ** Changed in: blender (Ubuntu Gutsy) Status: Confirmed => In Progress ** Changed in: blender (Ubuntu Hardy) Status: Confirmed => In Progress -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.44-2ubuntu2.1 --- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.45-4ubuntu1.1 --- blender (2.45-4ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:01:23 +0200 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1 ** Changed in: blender (Ubuntu Gutsy) Status: New => Confirmed ** Changed in: blender (Ubuntu Hardy) Status: New => Confirmed ** Changed in: blender (Ubuntu Jaunty) Status: Triaged => Invalid ** Changed in: blender (Ubuntu Intrepid) Status: New => Invalid ** Changed in: blender (Ubuntu Dapper) Status: New => Fix Released ** Changed in: blender (Ubuntu Jaunty) Importance: High => Undecided -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.44-2ubuntu2.1 --- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.45-4ubuntu1.1 --- blender (2.45-4ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:01:23 +0200 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-hardy" http://launchpadlibrarian.net/21513679/debdiff-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-hardy" http://launchpadlibrarian.net/21513692/build-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-gutsy" http://launchpadlibrarian.net/21513887/debdiff-gutsy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-gutsy" http://launchpadlibrarian.net/21514055/build-gutsy ** Changed in: blender (Ubuntu Gutsy) Status: Confirmed => In Progress ** Changed in: blender (Ubuntu Hardy) Status: Confirmed => In Progress -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1 ** Changed in: blender (Ubuntu Gutsy) Status: New => Confirmed ** Changed in: blender (Ubuntu Hardy) Status: New => Confirmed ** Changed in: blender (Ubuntu Jaunty) Status: Triaged => Invalid ** Changed in: blender (Ubuntu Intrepid) Status: New => Invalid ** Changed in: blender (Ubuntu Dapper) Status: New => Fix Released ** Changed in: blender (Ubuntu Jaunty) Importance: High => Undecided -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Branch linked: lp:ubuntu/dapper-updates/blender ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/blender/gutsy- security ** Branch linked: lp:ubuntu/hardy-updates/blender -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Fix Released => Confirmed -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] [NEW] [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: blender CVE-2008-1102 description: "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1102 http://secunia.com/secunia_research/2008-16/advisory/ ** Affects: blender (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1102 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
SUSE-SR:2008:010 also mentions CVE-2008-1103: »Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."« ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103. ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time. -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Branch linked: lp:ubuntu/dapper-updates/blender ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/blender/gutsy- security ** Branch linked: lp:ubuntu/hardy-updates/blender -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Fix Released => Confirmed -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] [NEW] [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: blender CVE-2008-1102 description: "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1102 http://secunia.com/secunia_research/2008-16/advisory/ ** Affects: blender (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1102 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
SUSE-SR:2008:010 also mentions CVE-2008-1103: »Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."« ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103. ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time. -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.44-2ubuntu2.1 --- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.45-4ubuntu1.1 --- blender (2.45-4ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:01:23 +0200 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: gentoo Status: Fix Released => Confirmed -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] [NEW] [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: blender CVE-2008-1102 description: "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1102 http://secunia.com/secunia_research/2008-16/advisory/ ** Affects: blender (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1102 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
SUSE-SR:2008:010 also mentions CVE-2008-1103: »Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."« ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103. ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1103 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time. -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-hardy" http://launchpadlibrarian.net/21513679/debdiff-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-hardy" http://launchpadlibrarian.net/21513692/build-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-gutsy" http://launchpadlibrarian.net/21513887/debdiff-gutsy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-gutsy" http://launchpadlibrarian.net/21514055/build-gutsy ** Changed in: blender (Ubuntu Gutsy) Status: Confirmed => In Progress ** Changed in: blender (Ubuntu Hardy) Status: Confirmed => In Progress -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1 ** Changed in: blender (Ubuntu Gutsy) Status: New => Confirmed ** Changed in: blender (Ubuntu Hardy) Status: New => Confirmed ** Changed in: blender (Ubuntu Jaunty) Status: Triaged => Invalid ** Changed in: blender (Ubuntu Intrepid) Status: New => Invalid ** Changed in: blender (Ubuntu Dapper) Status: New => Fix Released ** Changed in: blender (Ubuntu Jaunty) Importance: High => Undecided -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.44-2ubuntu2.1 --- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This bug was fixed in the package blender - 2.45-4ubuntu1.1 --- blender (2.45-4ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan LesicnikWed, 21 Jan 2009 10:01:23 +0200 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Branch linked: lp:ubuntu/dapper-updates/blender ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/blender/gutsy- security ** Branch linked: lp:ubuntu/hardy-updates/blender -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-hardy" http://launchpadlibrarian.net/21513679/debdiff-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-hardy" http://launchpadlibrarian.net/21513692/build-hardy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "debdiff-gutsy" http://launchpadlibrarian.net/21513887/debdiff-gutsy -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Attachment added: "build-gutsy" http://launchpadlibrarian.net/21514055/build-gutsy ** Changed in: blender (Ubuntu Gutsy) Status: Confirmed => In Progress ** Changed in: blender (Ubuntu Hardy) Status: Confirmed => In Progress -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Branch linked: lp:ubuntu/dapper-updates/blender ** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/blender/gutsy- security ** Branch linked: lp:ubuntu/hardy-updates/blender -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1 ** Changed in: blender (Ubuntu Gutsy) Status: New => Confirmed ** Changed in: blender (Ubuntu Hardy) Status: New => Confirmed ** Changed in: blender (Ubuntu Jaunty) Status: Triaged => Invalid ** Changed in: blender (Ubuntu Intrepid) Status: New => Invalid ** Changed in: blender (Ubuntu Dapper) Status: New => Fix Released ** Changed in: blender (Ubuntu Jaunty) Importance: High => Undecided -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
I've just merged 2.45-5 from Debian unstable, which addresses this. Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference: * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. ** Changed in: blender (Ubuntu) Importance: Undecided => High -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567 -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Debian Bug tracker #477808 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 ** Also affects: blender (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477808 Importance: Unknown Status: Unknown ** Changed in: blender (Ubuntu) Status: New => Triaged -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Changed in: blender (Debian) Status: Unknown => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222592] Re: [CVE-2008-1102] Blender imb_loadhdr() buffer overflow
** Bug watch added: Gentoo Bugzilla #219008 http://bugs.gentoo.org/show_bug.cgi?id=219008 ** Also affects: gentoo via http://bugs.gentoo.org/show_bug.cgi?id=219008 Importance: Unknown Status: Unknown -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
