Bug 217694 - media-gfx/blender Multiple vulnerabilities (CVE-2008-{1102,1103})
Summary: media-gfx/blender Multiple vulnerabilities (CVE-2008-{1102,1103})
Status: RESOLVED DUPLICATE of bug 219008
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [upstream] CONFIDENTIAL 2008-04-30
Reported: 2008-04-14 18:01 UTC by Robert Buchholz (RETIRED)
Modified: 2008-05-03 19:44 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 18:01:45 UTC
CVE-2008-1102: Radiance RGBE Buffer Overflow when processing (*.hdr) files.
CVE-2008-1103: Temporary file issues

SAID: SA29818 (http://secunia.com/advisories/29818/)
Credit: Stefan Cornelius, Secunia Research

Upstream contacted

Please note that this issue is under embargo until 2008-04-30. Do not commit anything to CVS and keep any information confidential until that date.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-22 11:29:45 UTC
CVE-2008-1102 appears to be public now
SECUNIA advisory: http://secunia.com/advisories/29818/

SVN Changelog for CVE-2008-1102: http://projects.blender.org/plugins/scmsvn/viewcvs.php/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c?root=bf-blender&view=log

I did not see anything about -1103 yet.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-03 19:44:53 UTC
Opening since all info in here is public, but marking as a dupe.

*** This bug has been marked as a duplicate of bug 219008 ***