Author: gilbert-guest Date: 2009-11-06 15:15:21 +0000 (Fri, 06 Nov 2009) New Revision: 13223 Modified: data/CVE/list Log: new blender issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-06 14:41:00 UTC (rev 13222) +++ data/CVE/list 2009-11-06 15:15:21 UTC (rev 13223) @@ -24,8 +24,13 @@ NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0 CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...) NOT-FOR-US: Sun Solaris 10 -CVE-2009-3850 +CVE-2009-3850 [blender: arbitrary command execution] RESERVED + - blender <unfixed> (low) + TODO: determine whether this is a no-dsa issue. + NOTE: attack vector is social engineering to get the user to open + NOTE: a malicious .blend file. by design, blend files support + NOTE: all python operations, so ultimately any code can be executed CVE-2009-3849 RESERVED CVE-2009-3848