Debdiff for CVE-2007-1253 for blender in edgy

Bug #99062 reported by Michael Bienia
Affects | Status | Importance | Assigned to | Milestone
blender (Ubuntu) | Invalid | Undecided | Unassigned |
Breezy | Invalid | Undecided | Unassigned |
Dapper | Invalid | Undecided | Unassigned |
Edgy | Fix Released | Undecided | Kees Cook |
Feisty | Invalid | Undecided | Unassigned |

Bug Description

Binary package hint: blender

Here is a debdiff for blender 2.42a-1ubuntu1.1 targeting edgy-security.

This is the same fix for blender as in Debian unstable and testing: remove the affected script (it's gone in blender 2.43).

CVE References

Michael Bienia (geser) wrote :
Kees Cook (kees) wrote :

Is this fixed in feisty? Is removing that script the right way to solve the problem?

Kees Cook (kees) wrote :
Changed in blender:
status: Unconfirmed → Fix Released
status: Fix Released → Rejected
Kees Cook (kees) wrote :

Building now! Thanks for the debdiff. :)

Changed in blender:
assignee: nobody → keescook
status: Unconfirmed → Fix Committed
status: Fix Released → Rejected
Kees Cook (kees) wrote :

Script does not exist in Breezy or Dapper either.

Changed in blender:
status: Unconfirmed → Rejected
status: Unconfirmed → Rejected
Michael Bienia (geser) wrote :

Feisty is not vulnerable as the script was removed again in blender 2.43.
According to http://lists.alioth.debian.org/pipermail/pkg-blender-maintainers/2007-March/000191.html the script was introduced in blender 2.42 (I've also checked blender in dapper and breezy and couldn't find such a named file).

Debian removed this file in the uploads to unstable and testing as a fix. See
http://packages.qa.debian.org/b/blender/news/20070328T104704Z.html
http://packages.qa.debian.org/b/blender/news/20070327T220204Z.html
http://lists.alioth.debian.org/pipermail/pkg-blender-maintainers/2007-March/000189.html

As blender 2.42 is not part of Debian stable, they don't need to fix it there.

Kees Cook (kees) wrote :

Great! Thanks for the additional notes. I've got this uploaded to the security buildds, and I'll publish it as soon as it has finished building there.

Kees Cook (kees) wrote :

This should appear on the archives shortly. Thanks again!

Changed in blender:
status: Fix Committed → Fix Released