Package: bomberclone
Severity: grave
Tags: security
Justification: user security hole

Multiple vulnerabilities have been found in Bomberclone:

The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.

http://secunia.com/advisories/21303 lists 0.11.6.2 as vulnerable.

See http://aluigi.altervista.org/adv/bcloneboom-adv.txt for details.

Please mention the CVE-id in the changelog.
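
The bug class described in the report, as an added example that is not part of the original report and is not BomberClone's code: a handler builds its reply in the request's buffer and the send routine trusts the header's length field, shown with and without the reset. The packet layout, `handle_info`, `send_reply`, `run` and the `SECRET` marker are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (not BomberClone's): type(1) flags(1) len(2, LE) data. */
#define HDR_LEN  4
#define PKT_CAP  32                    /* bytes reserved for the packet itself */
#define MEM_SIZE 256                   /* constructed stand-in for nearby server memory */
static const char BODY[] = "bc-info";  /* constructed reply payload */
static const char SECRET[] = "SECRET"; /* constructed unrelated data after the packet */

static uint16_t get_len(const uint8_t *p) { return (uint16_t)(p[2] | (p[3] << 8)); }
static void set_len(uint8_t *p, uint16_t n) { p[2] = (uint8_t)n; p[3] = (uint8_t)(n >> 8); }

/* Send routine stand-in: copies as many bytes as the header's len field claims. */
static size_t send_reply(const uint8_t *mem, uint8_t *wire) {
    size_t n = get_len(mem);
    if (n > MEM_SIZE) n = MEM_SIZE;    /* keeps the demo itself in bounds */
    memcpy(wire, mem, n);
    return n;
}

/* Reply built in the request's buffer; fixed=0 keeps the peer's len, fixed=1 resets it. */
static size_t handle_info(uint8_t *mem, uint8_t *wire, int fixed) {
    mem[0] = 0x81;                     /* reply type */
    memcpy(mem + HDR_LEN, BODY, sizeof BODY);
    if (fixed) set_len(mem, (uint16_t)(HDR_LEN + sizeof BODY));
    return send_reply(mem, wire);
}

/* One request whose header claims `claimed` bytes: returns bytes sent, sets *leaked. */
static size_t run(int fixed, uint16_t claimed, int *leaked) {
    uint8_t mem[MEM_SIZE] = {0}, wire[MEM_SIZE] = {0};
    memcpy(mem + PKT_CAP, SECRET, sizeof SECRET);
    mem[0] = 0x01; set_len(mem, claimed);
    size_t n = handle_info(mem, wire, fixed);
    *leaked = n >= PKT_CAP + sizeof SECRET &&
              memcmp(wire + PKT_CAP, SECRET, sizeof SECRET) == 0;
    return n;
}

int main(void) {
    int l0, l1;
    size_t a = run(0, 200, &l0), b = run(1, 200, &l1);
    printf("unfixed: sent=%zu leaked=%d; fixed: sent=%zu leaked=%d\n", a, l0, b, l1);
    return 0;
}
```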