This bug was fixed in the package blender - 2.44-2ubuntu2.1 --------------- blender (2.44-2ubuntu2.1) gutsy-security; urgency=low
* SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image (LP: #222592) - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow. - CVE-2008-1102 * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501) - 01_sanitize_sys.path: Debian patch to no longer load modules from current dir. Slightly modified from Debian patch as per recommendation from debian patch author. - CVE-2008-4863 -- Stefan Lesicnik <ste...@lsd.co.za> Wed, 21 Jan 2009 10:34:10 +0200 ** Changed in: blender (Ubuntu Gutsy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-4863 ** Changed in: blender (Ubuntu Hardy) Status: In Progress => Fix Released -- [CVE-2008-1102] Blender imb_loadhdr() buffer overflow https://bugs.launchpad.net/bugs/222592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list universe-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/universe-bugs