Comment 5 for bug 222592

I've just merged 2.45-5 from Debian unstable, which addresses this.
Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference:
   * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
     function allows user-assisted remote attackers to execute arbitrary
     code via a .blend file that contains a crafted Radiance RGBE image.”
     Add upstream patch as pointed to by Tomas Hoger <email address hidden>
     (thanks!), which basically adds a check on sscanf() return code and
     limits the size of accepted %s parameters (Closes: #477808):
      - 30_fix_CVE-2008-1102.