[Secure-testing-commits] r4208 - in data/DTSA: . advs

Neil McGovern neilm at costa.debian.org
Wed Jun 14 13:58:27 UTC 2006


Author: neilm
Date: 2006-06-14 13:58:26 +0000 (Wed, 14 Jun 2006)
New Revision: 4208

Added:
   data/DTSA/advs/29-blender.adv
Modified:
   data/DTSA/list
Log:
Adding new Blender dtsa

Added: data/DTSA/advs/29-blender.adv
===================================================================
--- data/DTSA/advs/29-blender.adv	2006-06-14 09:14:26 UTC (rev 4207)
+++ data/DTSA/advs/29-blender.adv	2006-06-14 13:58:26 UTC (rev 4208)
@@ -0,0 +1,19 @@
+source: Blender
+date: June 15th, 2006
+author: Neil McGovern
+vuln-type: heap-based buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2005-4470
+testing-fix: 2.37a-1.1etch1
+sid-fix: 2.40-1
+upgrade: apt-get install blender
+
+A heap-based buffer overflow vulnerability was discovered by Damian Put in
+Blender BlenLoader 2.0 through 2.40pre which allows remote attackers to cause a
+denial of service (application crash) and possibly execute arbitrary code via a
+.blend file with a negative bhead.len value, which causes less memory to be
+allocated than expected, possibly due to an integer overflow.
+
+Please note, this issue has already been fixed in stable in security
+announcement DSA-1039-1
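
Review bot: the header key "debian-specifc" in the new advisory is misspelled; it should read "debian-specific", otherwise anything that looks the field up by its correct name will not find it. In the same header, "source: Blender" is capitalised while the upgrade line installs "blender", so the source field should use the lowercase package name. The date field gives June 15th, 2006 although the commit is dated 2006-06-14; confirm that is the intended release date.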

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2006-06-14 09:14:26 UTC (rev 4207)
+++ data/DTSA/list	2006-06-14 13:58:26 UTC (rev 4208)
@@ -78,3 +78,7 @@
 [January 25th, 2005] DTSA-28-1 gpdf - multiple vulnerabilities
 	{CVE-2005-2097 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 }
 	- gpdf 2.10.0-1+etch1
+[June 15th, 2006] DTSA-29-1 Blender - heap-based buffer overflow
+	{CVE-2005-4470 }
+	- Blender 2.37a-1.1etch1
+	TODO: unreleased
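
Review bot: the package line "- Blender 2.37a-1.1etch1" capitalises the package name, unlike the "- gpdf 2.10.0-1+etch1" entry directly above it and the "apt-get install blender" upgrade line in the advisory. Suggest "- blender 2.37a-1.1etch1" so the entry matches the package name used elsewhere, and the same lowercase spelling in the entry title if titles are meant to carry the package name.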



