[Secure-testing-team] CVE-2007-1253: blender: eval injection vulnerability in kmz_ImportWithMesh.py

Florian Ernst florian_ernst at gmx.net
Wed Mar 14 11:23:59 UTC 2007

Hello folks,

just FYI:

CVE-2007-1253 as e.g. summarised on

only affects testing/unstable. A fix is in preparation and will be
uploaded as 2.42a-6 to unstable from where it can easily propagate to

Upstream has decided to deal with this issue by simply dropping the
script in question in 2.43, and the blender package maintainers will
follow suit (2.43 will be also be uploaded to experimental soon, fwiw).

Stable/oldstable are not affected as this script was first introduced in
upstream 2.42, see e.g. upstream's cvs for background:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070314/34a7b28d/attachment.pgp

More information about the Secure-testing-team mailing list