[Pkg-blender-maintainers] CVE-2007-1253: Eval injection vulnerability in kmz_ImportWithMesh.py

Florian Ernst florian_ernst at gmx.net
Thu Mar 15 10:01:51 CET 2007

On Wed, Mar 14, 2007 at 01:17:44PM +0100, Florian Ernst wrote:
> On Wed, Mar 14, 2007 at 12:24:05PM +0100, Cyril Brulebois wrote:
> > Irk, I wasn't at home yesterday and didn't read it carefully, just read
> > the kernel/d-i bits and planned schedule... But as you said, these are
> > pure documentation changes, and furthermore, the Blender team wasn't
> > that communicative about this problem, so we didn't get the appropriate
> > information with a perfect timing. I hope it will be OK.
> I'll ask the release team before uploading, just to make sure.

Apparently _nothing_ in -6 warrants a freeze exemption, please see
<http://lists.debian.org/debian-release/2007/03/msg00677.html> for the
RM's comments.

Well, how severe are the issues on 64-bit systems really?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-blender-maintainers/attachments/20070315/b7b9c517/attachment.pgp

More information about the Pkg-blender-maintainers mailing list