Control: tags 857699 + security Control: clone 857699 -2 -3 Control: reassign -2 iortcw 1.42b+20150930+dfsg1-1 Control: reassign -3 openjk 0~20150430+dfsg1-1
On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote: > earlier today ioquake3 fixed a vulnerability that, as far as I understand, > could let malicious multiplayer servers execute code on connecting clients. Thanks for reporting, I'll fix this ASAP. Looks like I need to teach ioquake3 upstream about coordinated disclosure, or remind them that their game is in distributions. > It affects all prior versions of ioquake3 (and I think also original Quake > 3). > Details: > https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/ cc'ing security team for information. No CVE ID yet, I assume ioquake3 upstream will be requesting one (or if not I will). S
