On Fri, Dec 23, 2005 at 09:55:07AM +0000, Steve Kemp wrote: > On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > > > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > > execution when importing a .bvh file)? Last I heard you were going to > > prepare an update unless anybody had an issue with the changes made, > > yet I haven't heard of any such issues (or anything at all, to be > > precise) since then... > > Utterly slipped my mind. :( > > > FWIW, I've put together an update for Sarge's version of the blender > > package based on the upstream change mentioned above, please find > > attached a cumulative interdiff for both CVE-2005-3302 aka bug#330895 > > and this bug so these issues can be resolved for Sarge. > > Great, thanks a lot. > > > Please tell whether you deem those patches sufficient for a potential > > future security advisory, and if not, please provide pointers at what > > might be missing. > > It looks good to me. I've built a package and if nobody has any > objections I'll upload later today.
No objections from me. Wouter van Heyst -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
