After the recent security report by Cisco about integer overflow vulnerabilities in Blender, the Blender developers started working on the issues. Here's a report on the fixes.
Ton Roosendaal writes:
In the past 4 days Brecht Van Lommel has provided fixes for the vulnerabilities reported by Cisco in Blender.
The fixes were reviewed by the other core team members, especially by Campbell Barton and Sergey Sharybin.
In short: what's fixed is the vulnerability for integer overflows based on settings saved in .blend files, and vulnerabilities in our code for reading image files.
Please note it doesn't mean Blender is anything like "safe" now. It remains important to only open Blender files from trusted sources. We still think that real and sensible security (if you want .blend files safe to be spread anonymously) is a project with a magnitude that's outside of the scope of what we can handle. For that we welcome contributions from the industry!
A Blender 2.79a release is expected this month.