[Pkg-blender-maintainers] CVE-2007-1253: Eval injection vulnerability in kmz_ImportWithMesh.py

Florian Ernst florian_ernst at gmx.net
Sat Mar 17 19:36:53 CET 2007


On Fri, Mar 16, 2007 at 12:25:26PM +0100, Cyril Brulebois wrote:
> I doubt that. Did we have any single bug report from people using it on
> amd64 (which I believe is the most common 64-bit arch)? Not a single
> one. All we get is X bugs... So I'd say that it is releasable as-is,
> with proper indications of why it might be problematic.
> [...]
> I can understand that RMs want to drop it, but it's quite sad that
> there's no single case where it causes problems (yet, at least)...

The RMs want to drop blender on 64-bit archs _if_ it is really in an
unreleasable state. As we don't think it is, there isn't that much to
worry about at the moment, so let's just keep blender as is, i.e. at
2.42a-5 and focus on getting 2.43 in experimental. :)

I'll get in contact with the security team(s) about whether they want to
fix CVE-2007-1253 via a D(T)SA.

Cheers,
Flo