[SECURITY] [DSA 5176-1] blender security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5176-1] blender security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 4 Jul 2022 19:06:10 +0000
Message-id: <[🔎] 20220704190610.GB14861@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5176-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 04, 2022                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : blender
CVE ID         : CVE-2022-0544 CVE-2022-0545 CVE-2022-0546

Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
of the execution of arbitrary code if a malformed file is opened.

For the oldstable distribution (buster), these problems have been fixed
in version 2.79.b+dfsg0-7+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 2.83.5+dfsg-5+deb11u1.

We recommend that you upgrade your blender packages.

For the detailed security status of blender please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/blender

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmLDOLoACgkQEMKTtsN8
TjZKpxAAlbJc9ntBoEe1fcxqfEfyVyF7ypbCsf+75uBtuGarBORx16P5cunX1fq6
fvIsRaPsaqjKPBRbPFwaWuMtLrtg28vXDvU/X3hil9xzXwlvD1Ljhd6aSLcpTN3s
+kHxaTMbm0FJs9Akvol3rGm+3LF7eMDipGZ6BfE7tkcjO+ABNMQzHnVuytCf0p1l
pGJJUCCWk23esBMnJpr7ba8pT1GJrSCPxYaNKozwDgA/AwSNPj2eHDh+W3if9ke8
ygo2U+3QrF5NYL4MQhPmqIEYBGCRTE9FT89jTXU8HItAKubvEAZAdXO147nuPgVf
Fia7Frpb3loB6UJJHWBRVYh781VnqeQZdAW7iGISZQVHKBMJ29n0gp5lDh6Uxtlx
thtxglj9bjjpySvvj7F1iC+R50Inmee9PsJbkf+bjv/prTEc6C+V9ZoAzQyQHr4N
dmFCwe5OrCM5EZybH/pj+6HXA/v7XmTshpQv/a1erUVYiRYTO1T9hsSJDvROcI9F
rPYR+3OaYRkBB68hYSFIGR5dw3EO81Te96jJkruQUKBSgIz2SM5nQn1BXjJ6NKJu
6IzeEgo+tVeIxD0dvmVE9AcQC5O/BPrIFe+5eaohGdA2uJN0wC3U5YrCYE8J0/OK
0HqEePKuQvLJW3yKwQxpTCtAPyoTfBn7rySE0NctgYsXy1JkELs=
=0ETO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5175-1] thunderbird security update
Next by Date: [SECURITY] [DSA 5177-1] ldap-account-manager security update
Previous by thread: [SECURITY] [DSA 5175-1] thunderbird security update
Next by thread: [SECURITY] [DSA 5177-1] ldap-account-manager security update
Index(es):
- Date
- Thread