[Pkg-blender-maintainers] CVE-2007-1253: Eval injection vulnerability in kmz_ImportWithMesh.py

Florian Ernst florian_ernst at gmx.net
Wed Mar 14 01:14:10 CET 2007


Hello folks,

<http://idssi.enyo.de/tracker/CVE-2007-1253>:
| Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for
| Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted
| remote attackers to execute arbitrary Python code by importing a crafted
| (1) KML or (2) KMZ file.

CVE-2007-1253 apparently is addressed in 2.43. However, Etch will ship
with 2.42a, so will this issue warrant another update? I.e., is anyone
working on this?

Cheers,
Flo