Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/graphics/blender
From: Matthias Scheler
Date: 2008-05-19 19:35:17
Message id: 20080519173517.86699175D0@cvs.netbsd.org
Log Message:
Pullup ticket 2386 - requested by tonnerre
security update for blender

Revisions pulled up:
- graphics/blender/Makefile		1.61
- graphics/blender/patches/patch-ae	1.7
- graphics/blender/distinfo		1.24
- graphics/blender/patches/patch-af	1.6
- graphics/blender/patches/patch-ag	1.6

    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat May 17 10:33:15 UTC 2008

    Modified Files:
    	pkgsrc/graphics/blender: Makefile distinfo
    Added Files:
    	pkgsrc/graphics/blender/patches: patch-ae patch-af patch-ag

    Log Message:
    Fix CVEs CVE-2008-1102 and CVE-2008-1102 for blender:
     - Fix arbitrary code execution vulnerability in .bend files which
    contain a crafted RGBE file (CVE-2008-1102).
     - Create various temporary files in safer paths (CVE-2008-1103).
Files:
RevisionActionfile
1.60.2.1modifypkgsrc/graphics/blender/Makefile
1.23.2.1modifypkgsrc/graphics/blender/distinfo
1.6.2.1addpkgsrc/graphics/blender/patches/patch-ae
1.5.2.1addpkgsrc/graphics/blender/patches/patch-af
1.5.2.1addpkgsrc/graphics/blender/patches/patch-ag