On Wed, 2006-04-05 at 11:22 +0200, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> > On Wed, Apr 05, 2006 at 11:00:16AM +0200, Moritz Muehlenhoff wrote:
> > > Steve Langasek wrote:
> > > > > > This bug has been pending for more than two months and no fix in Debian
> > > > > > yet... Does Bruno still track his bugs?
> > 
> > > > > > Here are two patches for both Sarge and Sid versions.
> > 
> > > > > > Pierre Riteau
> > 
> > > > > > (CC'ing [EMAIL PROTECTED] for the stable fix, and the
> > > > > > Co-Maintainer as I don't know if he receives BTS replies)
> > > > > > (Email address in previous message for tagging is wrong, I was playing
> > > > > > with bts thinking it wouldn't commit the changes)
> > 
> > > > > Xmame is non-free and thus not supported by the Security Team.
> > > > > (Only the relatively obscure -svgalib version is affected, anyway.)
> > 
> > > > Is it the case that this bug doesn't affect the other frontends *at all*, or
> > > > just that, not being suid root, it's just an arbitrary code execution bug
> > > > instead of a root exploit?
> > 
> > > It's a local vulnerability, the only security ramification would be a
> > > privilege escalation:
> > 
> > If untrusted input can trigger arbitrary code execution, then that still has
> > security implications.  I don't think that most users only use trusted ROMs
> > with xmame. :)
> 
> Yeah, but according to the original advisory the overflows are in args parsing.
> (It could be possible that these values can somehow be influenced from a crafted
> ROM, though.)
> 
> Cheers,
>         Moritz
> 

Hi,

        Sorry for the delay in this reply.

Timeline:

26 Mar 2006: I submitted a NEW package (xmame-1.0.4) with xmess-SDL.

Sun, 02 Apr 2006: xmame_0.104-1_i386.changes REJECTED (Due to a minor
mistake)

Sun, 02 Apr 2006: xmame_0.104-1_i386.changes is NEW (Fixed the mistake
and uploaded the new package).

Changelog:
* New upstream release.
  * Fixed exploitable buffer overflows [CVE-2006-0176].
    (closes: #349653)
  * Added xmess-sdl binary package. (closes: #340460)
Announcing to debian-devel-changes@lists.debian.org
Closing bugs: 340460 349653 

So, please be patient.

Thanks,
Bruno.
-- 
"In this life, we are Kings or Pawns. Emperors or Fools."
