[Secure-testing-commits] r13223 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Nov 6 15:15:22 UTC 2009
Author: gilbert-guest
Date: 2009-11-06 15:15:21 +0000 (Fri, 06 Nov 2009)
New Revision: 13223
Modified:
data/CVE/list
Log:
new blender issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-06 14:41:00 UTC (rev 13222)
+++ data/CVE/list 2009-11-06 15:15:21 UTC (rev 13223)
@@ -24,8 +24,13 @@
NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
NOT-FOR-US: Sun Solaris 10
-CVE-2009-3850
+CVE-2009-3850 [blender: arbitrary command execution]
RESERVED
+ - blender <unfixed> (low)
+ TODO: determine whether this is a no-dsa issue.
+ NOTE: attack vector is social engineering to get the user to open
+ NOTE: a malicious .blend file. by design, blend files support
+ NOTE: all python operations, so ultimately any code can be executed
CVE-2009-3849
RESERVED
CVE-2009-3848
More information about the Secure-testing-commits
mailing list