[Pkg-blender-maintainers] CVE-2007-1253: Eval injection vulnerability in kmz_ImportWithMesh.py

Florian Ernst florian_ernst at gmx.net
Wed Mar 14 13:17:44 CET 2007


On Wed, Mar 14, 2007 at 12:24:05PM +0100, Cyril Brulebois wrote:
> Irk, I wasn't at home yesterday and didn't read it carefully, just read
> the kernel/d-i bits and planned schedule... But as you said, these are
> pure documentation changes, and furthermore, the Blender team wasn't
> that communicative about this problem, so we didn't get the appropriate
> information with perfect timing. I hope it will be OK.

I'll ask the release team before uploading, just to make sure.

> Please fetch the .dsc and .diff.gz files and tell me your mind about
> them. I'm not sure whether the security team will open a bug in the BTS to
> document this problem or if we just have to upload the package without
> any bug number reference (I mean "Closes: #bug", not the CVE reference).

I've mailed them about this issue. An answer pending, I don't think they
will open a bug report for this, so I have removed the empty "closes"
stanza.

Currently I'm building your fine package. Thanks for the quick work!

Cheers,
Flo