On Wed, Dec 19, 2012 at 01:38:30PM +0200, Marko Lindqvist wrote: > On 19 December 2012 09:02, Moritz Muehlenhoff <j...@inutil.org> wrote: > > Package: freeciv > > Severity: important > > Tags: security > > > > Hi, > > please see http://aluigi.altervista.org/adv/freecivet-adv.txt > > That's two issues... > > > Bug: http://gna.org/bugs/?20003 > > ... reported in one freeciv ticket. > > That CVE is a bit unfortunate that it (currently) has description > containing both parts but fix provided is only one part. I think it's > quite likely that they will assign new CVE for the other half to sort > this out. > > > Fix: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670 > > Patch from stable S2_3 branch (where 2.3.x releases come from): > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21672 > > And the other fix not listed in CVE: trunk: > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21701 / > S2_3: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21703
FTR, the additional issue has been assigned CVE-2012-6083: http://www.openwall.com/lists/oss-security/2012/12/31/2 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
