Stumbled upon the Ubuntu advisory, so we're a bit late.
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470
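The class of bug named in the CVE description above (a signed length field read from a file and then used to size an allocation), shown with the validation that prevents it. This is an added example, not part of the original bug thread and not Blender's code; the `blk_head` layout, the `BLK_MAX_LEN` cap and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical block header, NOT Blender's actual BHead layout. */
struct blk_head {
    char    code[4];
    int32_t len;            /* signed payload length taken from the file */
};

#define BLK_MAX_LEN (64 * 1024 * 1024)   /* assumed sanity cap */

/*
 * Parse one block from buf[0..size). On success returns a malloc'd copy of
 * the payload and stores its length in *out_len; NULL on malformed input.
 */
unsigned char *read_block(const unsigned char *buf, size_t size, size_t *out_len)
{
    struct blk_head h;

    if (size < sizeof h)
        return NULL;                     /* truncated header */
    memcpy(&h, buf, sizeof h);           /* copy out: no unaligned access */

    /* Reject a negative length while the value is still signed. Once it is
     * mixed into size arithmetic the allocation can end up smaller than
     * the data later written into it. */
    if (h.len < 0 || h.len > BLK_MAX_LEN)
        return NULL;
    size_t len = (size_t)h.len;
    if (len > size - sizeof h)
        return NULL;                     /* payload runs past end of input */

    unsigned char *p = malloc(len ? len : 1);
    if (p == NULL)
        return NULL;
    memcpy(p, buf + sizeof h, len);
    *out_len = len;
    return p;
}

/* Constructed sample input: header with the given len field plus payload. */
size_t make_sample(unsigned char *out, int32_t len_field, size_t payload)
{
    struct blk_head h = { {'D', 'A', 'T', 'A'}, len_field };
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0x41, payload);
    return sizeof h + payload;
}
```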
The latest blender is available.
arches, pls try to stable 2.40 - thx
x86 stable
Luca marked stable for ppc, removing us from CC
I keep getting
./usr/share/doc/
./usr/share/doc/blender-2.40/
./usr/share/doc/blender-2.40/COPYING.gz
./usr/share/doc/blender-2.40/INSTALL.gz
./usr/share/doc/blender-2.40/README.gz
>>> Done.
!!! CATEGORY info missing from info chunk, aborting...
here, even after deleting the binpkg generated from FEATURES=buildpkg.. maybe someone else from amd64 can test this? I doubt it is related to blender
hparker confirmed that it works, so amd64 stable
GLSA 200601-08