Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by narn.NetBSD.org (Postfix) with ESMTP id D574463B8BC for ; Sat, 17 May 2008 10:33:16 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 0) id 61B4D63B20E; Sat, 17 May 2008 10:33:16 +0000 (UTC) Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe25:eab4]) by mail.netbsd.org (Postfix) with ESMTP id 9707C63B12C for ; Sat, 17 May 2008 10:33:15 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 57EC5175D0; Sat, 17 May 2008 10:33:15 +0000 (UTC) From: Tonnerre Lombard Subject: CVS commit: pkgsrc/graphics/blender To: pkgsrc-changes@NetBSD.org Reply-To: tonnerre@netbsd.org Message-Id: <20080517103315.57EC5175D0@cvs.netbsd.org> Date: Sat, 17 May 2008 10:33:15 +0000 (UTC) Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes Precedence: list Module Name: pkgsrc Committed By: tonnerre Date: Sat May 17 10:33:15 UTC 2008 Modified Files: pkgsrc/graphics/blender: Makefile distinfo Added Files: pkgsrc/graphics/blender/patches: patch-ae patch-af patch-ag Log Message: Fix CVEs CVE-2008-1102 and CVE-2008-1102 for blender: - Fix arbitrary code execution vulnerability in .bend files which contain a crafted RGBE file (CVE-2008-1102). - Create various temporary files in safer paths (CVE-2008-1103). To generate a diff of this commit: cvs rdiff -r1.60 -r1.61 pkgsrc/graphics/blender/Makefile cvs rdiff -r1.23 -r1.24 pkgsrc/graphics/blender/distinfo cvs rdiff -r0 -r1.7 pkgsrc/graphics/blender/patches/patch-ae cvs rdiff -r0 -r1.6 pkgsrc/graphics/blender/patches/patch-af \ pkgsrc/graphics/blender/patches/patch-ag Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.