From a00b66684f097c4931a156b10173e03134518f64 Mon Sep 17 00:00:00 2001 From: Neil McGovern Date: Wed, 14 Jun 2006 13:58:26 +0000 Subject: Adding new Blender dtsa git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4208 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/29-blender.adv | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 data/DTSA/advs/29-blender.adv (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/29-blender.adv b/data/DTSA/advs/29-blender.adv new file mode 100644 index 0000000000..136d299218 --- /dev/null +++ b/data/DTSA/advs/29-blender.adv @@ -0,0 +1,19 @@ +source: Blender +date: June 15th, 2006 +author: Neil McGovern +vuln-type: heap-based buffer overflow +problem-scope: remote +debian-specifc: no +cve: CVE-2005-4470 +testing-fix: 2.37a-1.1etch1 +sid-fix: 2.40-1 +upgrade: apt-get install blender + +A heap-based buffer overflow vulnerability was discovered by Damian Put in +Blender BlenLoader 2.0 through 2.40pre which allows remote attackers to cause a +denial of service (application crash) and possibly execute arbitrary code via a +.blend file with a negative bhead.len value, which causes less memory to be +allocated than expected, possibly due to an integer overflow. + +Please note, this issue has already been fixed in stable in security +announcement DSA-1039-1 -- cgit v1.2.3
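Review bot: the header key on the `+debian-specifc: no` line is misspelled (`debian-specifc` where `debian-specific` is evidently meant). If the DTSA tooling looks fields up by name, this one will not be found, so the spelling should be corrected before the advisory is generated. In the same header, `source: Blender` is capitalised while the upgrade line installs `blender`. Debian package names are lowercase, so `source: blender` is the safer value if the field is meant to carry the source package name. The closing sentence also ends at `DSA-1039-1` with no full stop.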