118163 2006-01-07 05:00 0000 media-gfx/blender: buffer overflow (CVE-2005-4470) 2006-01-12 23:22:25 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B2 [glsa] DerCorny P2 normal --- 1 carlo@gentoo.org security@gentoo.org graphics@gentoo.org carlo@gentoo.org 2006-01-07 05:00:49 0000 Stumbled upon the Ubuntu advisory, so we're a bit late. Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470 lu_zero@gentoo.org 2006-01-07 05:21:14 0000 the latest blender is available. dercorny@gentoo.org 2006-01-07 06:16:16 0000 arches, pls try to stable 2.40 - thx halcy0n@gentoo.org 2006-01-07 13:07:28 0000 x86 stable dertobi123@gentoo.org 2006-01-07 13:16:58 0000 Luca marked stable for ppc, removing us from CC blubb@gentoo.org 2006-01-08 08:02:14 0000 I keep getting ./usr/share/doc/ ./usr/share/doc/blender-2.40/ ./usr/share/doc/blender-2.40/COPYING.gz ./usr/share/doc/blender-2.40/INSTALL.gz ./usr/share/doc/blender-2.40/README.gz >>> Done. !!! CATEGORY info missing from info chunk, aborting... here, even after deleting the binpkg generated from FEATURES=buildpkg.. maybe someone else from amd64 can test this? I doubt it is related to blender blubb@gentoo.org 2006-01-10 11:08:52 0000 hparker confirmed that it works, so amd64 stable jaervosz@gentoo.org 2006-01-12 23:22:25 0000 GLSA 200601-08