Package: blender
Version: 2.37a-1
Severity: normal
Tags: security
A buffer overflow has been found in the args parsing of blenderplayer.
This is a minor security problem, as it would need to trick someone
into playing a file with really quite noticably manipulated file names,
but has been assigned CAN-2005-3151 by MITRE anyway. A demo exploit
is available at http://www.securiteam.com/exploits/5BP0T2KGVA.html
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages blender depends on:
ii gettext [libg 0.14.5-2 GNU Internationalization utilities
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.0.2-2 GCC support library
ii libglu1-xorg 6.8.2.dfsg.1-7 Mesa OpenGL utility library [X.Org
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.8rel-4 PNG library - runtime
ii libsdl1.2debi 1.2.7+1.2.8cvs20041007-5.3 Simple DirectMedia Layer
ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li
ii python2.3 2.3.5-8 An interactive high-level object-o
ii xlibmesa-gl [ 6.8.2.dfsg.1-7 Mesa 3D graphics library [X.Org]
pi xlibs 6.8.2.dfsg.1-7 X Window System client libraries m
ii zlib1g 1:1.2.3-4 compression library - runtime
blender recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]