author Neil McGovern <neilm@debian.org> 2006-06-14 13:58:26 +0000
committer Neil McGovern <neilm@debian.org> 2006-06-14 13:58:26 +0000
commit a00b66684f097c4931a156b10173e03134518f64 (patch)
tree 404ff66973db96002984f9777487454a07b3e849 /data/DTSA/advs
parent 8795d21eeb7592b4a382d4fd570bcc07938aac1d (diff)
Adding new Blender dtsa
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4208 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- data/DTSA/advs/29-blender.adv 19
1 files changed, 19 insertions, 0 deletions
diff --git a/data/DTSA/advs/29-blender.adv b/data/DTSA/advs/29-blender.adv
new file mode 100644
index 0000000000..136d299218
--- /dev/null
+++ b/data/DTSA/advs/29-blender.adv
@@ -0,0 +1,19 @@
+source: Blender
+date: June 15th, 2006
+author: Neil McGovern
+vuln-type: heap-based buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2005-4470
+testing-fix: 2.37a-1.1etch1
+sid-fix: 2.40-1
+upgrade: apt-get install blender
+
+A heap-based buffer overflow vulnerability was discovered by Damian Put in
+Blender BlenLoader 2.0 through 2.40pre which allows remote attackers to cause a
+denial of service (application crash) and possibly execute arbitrary code via a
+.blend file with a negative bhead.len value, which causes less memory to be
+allocated than expected, possibly due to an integer overflow.
+
+Please note, this issue has already been fixed in stable in security
+announcement DSA-1039-1
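
Review bot: The field name on the sixth added line is spelled `debian-specifc`; unless the DTSA tooling deliberately keys on that spelling, it should read `debian-specific: no`, since a misspelled key may be skipped or rejected when the advisory is processed. The `source:` field is written `Blender` while the `upgrade:` line installs `blender`; using the lowercase package name in `source:` would keep the advisory consistent with the archive name. The `date:` field says June 15th, 2006 while the commit is dated 2006-06-14, so confirm that the later date is the intended release date. The closing sentence referencing DSA-1039-1 is missing its full stop.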
