Your message dated Thu, 05 Jan 2012 12:25:17 +0100
with message-id <4f05889d.5000...@gmail.com>
and subject line Re: CAN-2005-3151: Bufferoverflow in blenderplayer arg parsing
has caused the Debian Bug report #332413,
regarding CAN-2005-3151: Bufferoverflow in blenderplayer arg parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
332413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332413
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: blender
Version: 2.37a-1
Severity: normal
Tags: security

A buffer overflow has been found in the args parsing of blenderplayer.
This is a minor security problem, as it would need to trick someone
into playing a file with really quite noticeably manipulated file names,
but has been assigned CAN-2005-3151 by MITRE anyway. A demo exploit
is available at http://www.securiteam.com/exploits/5BP0T2KGVA.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages blender depends on:
ii  gettext [libg 0.14.5-2                   GNU Internationalization utilities
ii  libc6         2.3.5-6                    GNU C Library: Shared libraries an
ii  libfreetype6  2.1.10-1                   FreeType 2 font engine, shared lib
ii  libgcc1       1:4.0.2-2                  GCC support library
ii  libglu1-xorg  6.8.2.dfsg.1-7             Mesa OpenGL utility library [X.Org
ii  libjpeg62     6b-10                      The Independent JPEG Group's JPEG 
ii  libpng12-0    1.2.8rel-4                 PNG library - runtime
ii  libsdl1.2debi 1.2.7+1.2.8cvs20041007-5.3 Simple DirectMedia Layer
ii  libstdc++6    4.0.2-2                    The GNU Standard C++ Library v3
ii  libx11-6      6.8.2.dfsg.1-7             X Window System protocol client li
ii  python2.3     2.3.5-8                    An interactive high-level object-o
ii  xlibmesa-gl [ 6.8.2.dfsg.1-7             Mesa 3D graphics library [X.Org]
pi  xlibs         6.8.2.dfsg.1-7             X Window System client libraries m
ii  zlib1g        1:1.2.3-4                  compression library - runtime

blender recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Package: blender
Version: 2.61-1

I suppose the actual working copy fixes this issue, so I'm closing this bug report. Anyway, if the problem persists, feel free to re-open it.

Thanks for your efforts.

--
Matteo F. Vescovi
Debian Sponsored Maintainer
e-mail: mfv.deb...@gmail.com
GnuPG KeyID: 1E9C4467


--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
