==========================================================Ubuntu Security Notice USN-238-2 January 06, 2006
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
The original advisory in USN-238-1 accidentially contained a wrong CVE
number and advisory text. We apologize for this error.
Damian Put discovered that Blender did not properly validate a
'length' value in .blend files. Negative values led to an
insufficiently sized memory allocation. By tricking a user into
opening a specially crafted .blend file, this could be exploited to
execute arbitrary code with the privileges of the Blender user.