Hi,

On Thursday, 31.12.2020, at 10:36 +0200, Marko Lindqvist wrote:
> Package: freeciv
> Version: 2.6.2.1-2
> Tags: Security
>
> Freeciv server has a buffer overflow vulnerability, if it reads
> tailored score log file.
> Score log functionality is not enabled by default, and it's rarely enabled.
> Freeciv-2.6.3 to be released later tonight will contain a fix. I'll
> send link to upstream ticket once it is available.

If you consider this bug security-relevant, I suggest requesting a CVE identifier from Mitre to inform other vendors about the problem too. Debian bug #978744 sounds like a remote denial-of-service vulnerability. Another CVE should be requested for this one.

https://cveform.mitre.org/

Regards,

Markus