On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > execution when importing a .bvh file)? Last I heard you were going to > prepare an update unless anybody had an issue with the changes made, > yet I haven't heard of any such issues (or anything at all, to be > precise) since then...
Utterly slipped my mind. :( > FWIW, I've put together an update for Sarge's version of the blender > package based on the upstream change mentioned above, please find > attached a cumulative interdiff for both CVE-2005-3302 aka bug#330895 > and this bug so these issues can be resolved for Sarge. Great, thanks a lot. > Please tell whether you deem those patches sufficient for a potential > future security advisory, and if not, please provide pointers at what > might be missing. It looks good to me. I've built a package and if nobody has any objections I'll upload later today. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
