I've just merged 2.45-5 from Debian unstable, which addresses this.
Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian 
changelog snippet for reference:
   * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
     function allows user-assisted remote attackers to execute arbitrary
     code via a .blend file that contains a crafted Radiance RGBE image.”
     Add upstream patch as pointed to by Tomas Hoger <[EMAIL PROTECTED]>
     (thanks!), which basically adds a check on sscanf() return code and
     limits the size of accepted %s parameters (Closes: #477808):
      - 30_fix_CVE-2008-1102.

** Changed in: blender (Ubuntu)
   Importance: Undecided => High

-- 
[CVE-2008-1102] Blender imb_loadhdr() buffer overflow
https://bugs.launchpad.net/bugs/222592
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
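
The changelog above summarises the fix as a check on the sscanf() return code plus a size limit on the accepted %s parameters. The C code below is an added example of that pattern, not the upstream Blender patch or the contents of 30_fix_CVE-2008-1102; the function name `parse_resolution`, the 80-byte buffers, the `MAX_DIM` cap, the extra token checks and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ORI_LEN 80      /* assumed size of the orientation token buffers */
#define MAX_DIM 65536   /* assumed sanity cap on image dimensions */

/* Hypothetical helper: parse a Radiance-style resolution line such as
 * "-Y 512 +X 768". Returns 0 on success, -1 on malformed input. */
int parse_resolution(const char *line, int *height, int *width)
{
    char ori_y[ORI_LEN], ori_x[ORI_LEN];
    int h, w;

    /* Unbounded form, shown only as a comment:
     *   sscanf(line, "%s %d %s %d", ori_y, &h, ori_x, &w);
     * A token longer than ORI_LEN - 1 bytes writes past the stack buffer,
     * and a short match leaves h and w uninitialised. */

    /* Bounded form: %79s stores at most 79 bytes plus the NUL, and the
     * return value must equal the number of requested conversions. */
    if (sscanf(line, "%79s %d %79s %d", ori_y, &h, ori_x, &w) != 4)
        return -1;

    /* Extra checks (assumption, beyond what the changelog describes):
     * each orientation token is a sign followed by an axis letter. */
    if (strlen(ori_y) != 2 || strlen(ori_x) != 2)
        return -1;
    if (!strchr("+-", ori_y[0]) || !strchr("+-", ori_x[0]))
        return -1;
    if (!strchr("XY", ori_y[1]) || !strchr("XY", ori_x[1]))
        return -1;

    /* Reject dimensions that would later drive bad allocations. */
    if (h <= 0 || w <= 0 || h > MAX_DIM || w > MAX_DIM)
        return -1;

    *height = h;
    *width = w;
    return 0;
}

int main(void)
{
    int h = 0, w = 0;
    const char *good = "-Y 512 +X 768";   /* constructed sample line */
    int rc = parse_resolution(good, &h, &w);
    printf("rc=%d height=%d width=%d\n", rc, h, w);
    return rc == 0 ? 0 : 1;
}
```

An over-long first token is truncated by the width limit, so the following %d conversion fails and the return-code check rejects the line instead of continuing with partial data.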
