Package: armagetron Version: 0.2.5.2-3.1 Severity: grave Tags: security This message describes multiple security holes in armagetron: http://marc.theaimsgroup.com/?l=bugtraq&m=110811699206052&w=2 Bugs: A] crash caused by big descriptor ID (CAN-2005-0369) B] crash caused by big claim_id (CAN-2005-0369) C] socket unreacheable through empty packet (CAN-2005-0370) D] fake players temporary freeze (CAN-2005-0371)
It's not clear whether the crashes allow for executing arbetrary code or whether this is limited to a denial of service attack. Also, if it's right that upstream is no longer supporting it, we may need to patch it ourselves or drop the package. Please reference the CAN numbers in any changelog entries fixing these holes. -- see shy jo
signature.asc
Description: Digital signature
