Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Moritz Muehlenhoff
Wouter van Heyst wrote: > I only understand the basics of heap-based overflows, I do not yet see > how to use this one. Someone explaining it would be very welcome. The two most common ways to exploit integer problems are a) Integers, which control a memory allocation: By letting this integer
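The first pattern Moritz names, an attacker-controlled integer that feeds a memory allocation, is easiest to see in code. The following is an added illustration written for this page, not Blender's parser and not the code from the overflow.pl advisory; the "DEMO" magic, the 16-byte record size and the header layout are constructed for the example. It shows the 32-bit multiplication wrapping to a tiny allocation, and the check a parser needs before calling malloc:

```c
/* Added example (not Blender's code): an attacker-chosen record count in a
 * file header shrinks a heap allocation via 32-bit wraparound, and the
 * bounds check that rejects such a header before any memory is touched. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define HDR_MAGIC_LEN 4   /* hypothetical 4-byte magic "DEMO" */
#define REC_SIZE 16       /* hypothetical fixed record size */

/* Little-endian 32-bit read from a byte buffer. */
static uint32_t rd_u32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Pattern a): allocation size computed as nrec * REC_SIZE in 32 bits.
 * nrec = 0x10000001 gives 0x100000010, which wraps to 16, so malloc hands
 * back 16 bytes while any copy loop that trusts nrec writes far past them. */
uint32_t naive_alloc_size(uint32_t nrec) {
    return nrec * REC_SIZE;   /* 0x10000001 * 16 == 16 (mod 2^32) */
}

/* Hardened: refuse counts whose product would wrap, and refuse counts that
 * claim more payload than the file actually carries. */
int checked_alloc_size(uint32_t nrec, size_t avail, size_t *out) {
    if (nrec > UINT32_MAX / REC_SIZE) return -1;   /* product would wrap */
    size_t need = (size_t)nrec * REC_SIZE;
    if (need > avail) return -1;                    /* header lies about size */
    *out = need;
    return 0;
}

/* Parse a blob: returns the accepted record count, or -1 if rejected. */
long parse_blob(const uint8_t *buf, size_t len) {
    if (len < HDR_MAGIC_LEN + 4) return -1;
    if (memcmp(buf, "DEMO", HDR_MAGIC_LEN) != 0) return -1;
    uint32_t nrec = rd_u32(buf + HDR_MAGIC_LEN);
    size_t body = len - (HDR_MAGIC_LEN + 4);
    size_t need;
    if (checked_alloc_size(nrec, body, &need) != 0) return -1;
    uint8_t *recs = malloc(need ? need : 1);
    if (!recs) return -1;
    memcpy(recs, buf + HDR_MAGIC_LEN + 4, need);   /* safe: need <= body */
    free(recs);
    return (long)nrec;
}

/* Build a constructed blob with an attacker-chosen record count. */
size_t make_blob(uint8_t *out, size_t cap, uint32_t nrec, size_t body_bytes) {
    if (cap < HDR_MAGIC_LEN + 4 + body_bytes) return 0;
    memcpy(out, "DEMO", HDR_MAGIC_LEN);
    out[4] = nrec & 0xff;         out[5] = (nrec >> 8) & 0xff;
    out[6] = (nrec >> 16) & 0xff; out[7] = (nrec >> 24) & 0xff;
    memset(out + 8, 0x41, body_bytes);
    return HDR_MAGIC_LEN + 4 + body_bytes;
}

int main(void) {
    uint8_t buf[64];
    size_t n = make_blob(buf, sizeof buf, 0x10000001u, 16);
    printf("naive size for 0x10000001 records: %u bytes\n",
           naive_alloc_size(0x10000001u));
    printf("checked parse of hostile header: %ld\n", parse_blob(buf, n));
    n = make_blob(buf, sizeof buf, 2u, 32);
    printf("checked parse of honest file: %ld\n", parse_blob(buf, n));
    return 0;
}
```

The multiplication in naive_alloc_size is the whole bug: the count is trusted, the product wraps, and the heap block is smaller than the data the parser goes on to write into it. The division-based test in checked_alloc_size is the usual fix because it cannot itself overflow, and comparing the result against the bytes actually present catches headers that are merely oversized rather than wrapping.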

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Moritz Muehlenhoff
Steve Kemp wrote: > > Please tell whether you deem those patches sufficient for a potential > > future security advisory, and if not, please provide pointers at what > > might be missing. > > It looks good to me. I can confirm the patch for CVE-2005-3302 is correct, I've sent a similar patch a

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 05:56:59PM +0100, Wouter van Heyst wrote: > > It looks good to me. I've built a package and if nobody has any > > objections I'll upload later today. > > No objections from me. Great I already uploaded the package ;) Steve

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Wouter van Heyst
On Fri, Dec 23, 2005 at 09:55:07AM +, Steve Kemp wrote: > On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > > > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > > execution when importing a .bvh file)? Last I heard you were going to > > prepare an update un

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > execution when importing a .bvh file)? Last I heard you were going to > prepare an update unless anybody had an issue with the changes made, > yet I haven't heard

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Florian Ernst
# I consider upstream's fix to be sufficient, so: tags 344398 patch thanks [EMAIL PROTECTED] BCC'd On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote: > An integer overflow in the header parser for .blend files can potentially > be exploited to execute code through a heap overflow.

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Wouter van Heyst
On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote: > Package: blender > Version: 2.37a-1.1 > Severity: grave > Tags: security > Justification: user security hole > > An integer overflow in the header parser for .blend files can potentially > be exploited to execute code through a

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Steve Kemp
On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote: > An integer overflow in the header parser for .blend files can potentially > be exploited to execute code through a heap overflow. Please see > http://www.overflow.pl/adv/blenderinteger.txt for details. > > This is CVE-2005-447

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Moritz Muehlenhoff
Package: blender Version: 2.37a-1.1 Severity: grave Tags: security Justification: user security hole An integer overflow in the header parser for .blend files can potentially be exploited to execute code through a heap overflow. Please see http://www.overflow.pl/adv/blenderinteger.txt for details