
Bug 217694

Summary: media-gfx/blender Multiple vulnerabilities (CVE-2008-{1102,1103})
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: lu_zero
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [upstream] CONFIDENTIAL 2008-04-30
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 18:01:45 UTC
CVE-2008-1102: Radiance RGBE Buffer Overflow when processing (*.hdr) files.
CVE-2008-1103: Temporary file issues

SAID: SA29818 (http://secunia.com/advisories/29818/)
Credit: Stefan Cornelius, Secunia Research

Upstream contacted

Please note that this issue is under embargo until 2008-04-30. Do not commit anything to CVS and keep any information confidential until that date.

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-22 11:29:45 UTC
CVE-2008-1102 appears to be public now
SECUNIA advisory: http://secunia.com/advisories/29818/

SVN Changelog for CVE-2008-1102: http://projects.blender.org/plugins/scmsvn/viewcvs.php/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c?root=bf-blender&view=log

I did not see anything about -1103 yet.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-03 19:44:53 UTC
Opening since all info in here is public, but marking as a dupe.

*** This bug has been marked as a duplicate of bug 219008 ***