Moritz Muehlenhoff wrote:
> Package: blender
> Version: 2.37a-1
> Severity: normal
> Tags: security
>
> A buffer overflow has been found in the args parsing of blenderplayer.
> This is a minor security problem, as it would need to trick someone
> into playing a file with really quite noticably manipulated file names,
> but has been assigned CAN-2005-3151 by MITRE anyway. A demo exploit
> is available at http://www.securiteam.com/exploits/5BP0T2KGVA.html
Dear Blender maintainers,
is this resolved in current Blender releases? It's only exploitable
in rare corner cases, but still it would be nice to have it fixed in
Etch.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
