August 2018 - Design Suite - Fedora Mailing-Lists

[Bug 1610833] New: CVE-2017-2905 blender: Integer Overflow in the animation playing functionality

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610833 Bug ID: 1610833 Summary: CVE-2017-2905 blender: Integer Overflow in the animation playing functionality Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
1
0 / 0

[Bug 1610832] New: CVE-2017-2906 blender: Integer Overflow in the animation playing functionality [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610832 Bug ID: 1610832 Summary: CVE-2017-2906 blender: Integer Overflow in the animation playing functionality [epel-7] Product: Fedora EPEL Version: epel7 Component: blender Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: lpardo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1610831] New: CVE-2017-2905 blender: Integer Overflow in the animation playing functionality

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610831 Bug ID: 1610831 Summary: CVE-2017-2905 blender: Integer Overflow in the animation playing functionality Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
1
0 / 0

[Bug 1610828] New: CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610828 Bug ID: 1610828 Summary: CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
1
0 / 0

[Bug 1610829] New: CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610829 Bug ID: 1610829 Summary: CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality [epel-7] Product: Fedora EPEL Version: epel7 Component: blender Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: lpardo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1610827] New: CVE-2017-2904 blender: Integer Overflow in the RADIANCE loading functionality [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610827 Bug ID: 1610827 Summary: CVE-2017-2904 blender: Integer Overflow in the RADIANCE loading functionality [epel-7] Product: Fedora EPEL Version: epel7 Component: blender Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: lpardo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1610826] New: CVE-2017-2903 blender: Integer Overflow in the RADIANCE loading functionality

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610826 Bug ID: 1610826 Summary: CVE-2017-2903 blender: Integer Overflow in the RADIANCE loading functionality Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
1
0 / 0

[Bug 1610824] New: CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610824 Bug ID: 1610824 Summary: CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory [epel-7] Product: Fedora EPEL Version: epel7 Component: blender Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: lpardo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1610823] New: CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610823 Bug ID: 1610823 Summary: CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
1
0 / 0

[Bug 1610820] New: CVE-2017-2902 blender: Integer Overflow in DPX loading

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1610820 Bug ID: 1610820 Summary: CVE-2017-2902 blender: Integer Overflow in DPX loading Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: design-devel(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Design Suite August 2018