[CVE-2008-1103] Multiple temporary files vulnerabilities

Bug #227345 reported by Till Ulen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| blender (Ubuntu) | Invalid | High | Unassigned | |
| Dapper | Invalid | Undecided | Unassigned | |
| Feisty | Won't Fix | Undecided | Unassigned | |
| Gutsy | Invalid | Undecided | Unassigned | |
| Hardy | Invalid | Undecided | Unassigned | |

Bug Description

Binary package hint: blender

CVE-2008-1103 description:

'Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."'

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1103
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html

I have no idea whether this is the same problem as that described in bug #6671. If you know that it is, please mark this bug as a duplicate of bug 6671. Until then this bug can serve as a reminder that CVE-2008-1103 might be a separate set of problems that need fixing.

Till Ulen (tillulen)
description: updated
Till Ulen (tillulen) wrote :
Daniel Hahler (blueyed) wrote :

Thanks for filing this bug. It sounds like bug 6671.
Can you link to any patches?

Changed in blender:
importance: Undecided → High
status: New → Incomplete
Daniel Hahler (blueyed) wrote :

Sounds a bit like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167, which appears to have been fixed in Debian in 2.45-2, so for Ubuntu since Hardy - while bug 6671 states it for Hardy.

Let's use this bug to track the CVE state, which is really vague - and/or I've not looked too much around for a patch. At least the 2.46 upstream changelog (html page) does not contain the word "security".

Changed in blender:
status: Incomplete → Triaged
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so an SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in blender:
status: New → Won't Fix
Marc Deslauriers (mdeslaur) wrote :

This was actually fixed by Debian in 2.40-1, so none of our releases are affected.

Changed in blender:
status: New → Invalid
status: New → Invalid
status: New → Invalid
status: Triaged → Invalid
This report contains Public Security information  
Everyone can see this security related information.