Your message dated Thu, 24 Feb 2005 20:47:07 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#295294: fixed in armagetron 0.2.7.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Feb 2005 21:29:16 +0000
>From [EMAIL PROTECTED] Mon Feb 14 13:29:15 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D0nmN-0006O9-00; Mon, 14 Feb 2005 13:29:15 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 77FAC181FA
for <[EMAIL PROTECTED]>; Mon, 14 Feb 2005 21:29:14 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 18B4C6E20E; Mon, 14 Feb 2005 16:31:34 -0500 (EST)
Date: Mon, 14 Feb 2005 16:31:34 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple security holes (CAN-2005-0371 CAN-2005-0370 CAN-2005-0369)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z"
Content-Disposition: inline
X-Reportbug-Version: 3.7.1
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--Nq2Wo0NMKNjxTN9z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: armagetron
Version: 0.2.5.2-3.1
Severity: grave
Tags: security
This message describes multiple security holes in armagetron:
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D110811699206052&w=3D2
Bugs: A] crash caused by big descriptor ID (CAN-2005-0369)
B] crash caused by big claim_id (CAN-2005-0369)
C] socket unreacheable through empty packet (CAN-2005-0370)
D] fake players temporary freeze (CAN-2005-0371)
It's not clear whether the crashes allow for executing arbetrary code or
whether this is limited to a denial of service attack. Also, if it's right
that upstream is no longer supporting it, we may need to patch it ourselves
or drop the package.
Please reference the CAN numbers in any changelog entries fixing these hole=
s.
--=20
see shy jo
--Nq2Wo0NMKNjxTN9z
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCERi1d8HHehbQuO8RAnvQAJ9q+G51srYoA9B72adEgKG9NnZA1gCeJ1EL
rxfg4klxs+x3+DKFv6KcGRQ=
=RaZc
-----END PGP SIGNATURE-----
--Nq2Wo0NMKNjxTN9z--
---------------------------------------
Received: (at 295294-close) by bugs.debian.org; 25 Feb 2005 01:55:15 +0000
>From [EMAIL PROTECTED] Thu Feb 24 17:55:15 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D4UhH-00085h-00; Thu, 24 Feb 2005 17:55:15 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1D4UZP-0007WM-00; Thu, 24 Feb 2005 20:47:07 -0500
From: Andreas Bombe <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#295294: fixed in armagetron 0.2.7.0-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 24 Feb 2005 20:47:07 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 6
Source: armagetron
Source-Version: 0.2.7.0-1
We believe that the bug you reported is fixed in the latest version of
armagetron, which is due to be installed in the Debian FTP archive:
armagetron-common_0.2.7.0-1_all.deb
to pool/main/a/armagetron/armagetron-common_0.2.7.0-1_all.deb
armagetron-server_0.2.7.0-1_i386.deb
to pool/main/a/armagetron/armagetron-server_0.2.7.0-1_i386.deb
armagetron_0.2.7.0-1.diff.gz
to pool/main/a/armagetron/armagetron_0.2.7.0-1.diff.gz
armagetron_0.2.7.0-1.dsc
to pool/main/a/armagetron/armagetron_0.2.7.0-1.dsc
armagetron_0.2.7.0-1_i386.deb
to pool/main/a/armagetron/armagetron_0.2.7.0-1_i386.deb
armagetron_0.2.7.0.orig.tar.gz
to pool/main/a/armagetron/armagetron_0.2.7.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Bombe <[EMAIL PROTECTED]> (supplier of updated armagetron package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 25 Feb 2005 01:48:20 +0100
Source: armagetron
Binary: armagetron-common armagetron-server armagetron
Architecture: source all i386
Version: 0.2.7.0-1
Distribution: unstable
Urgency: high
Maintainer: Andreas Bombe <[EMAIL PROTECTED]>
Changed-By: Andreas Bombe <[EMAIL PROTECTED]>
Description:
armagetron - 3D Tron-like high speed game
armagetron-common - Common files for the Armagetron packages
armagetron-server - Dedicated server for Armagetron
Closes: 243538 250070 263331 275838 290051 295294
Changes:
armagetron (0.2.7.0-1) unstable; urgency=high
.
* Apply security patch from upstream to fix out-of-bounds array access
(CAN-2005-0369) and DOS by empty UDP packets (CAN-2005-0370).
(closes: #295294)
* Acknowledge NMU. (closes: #263331)
* New upstream is Armagetron Advanced, change all references.
(closes: #275838)
* Fix contents of copyright file. Also fix upgrade from 0.1 versions of the
package by moving the /usr/share/doc directories out of the way to allow
them to be replaced with symlinks. (closes: #290051)
* Use absolute path in armagetron menu entry. (closes: #243538)
* Make the wrappers more robust with respect to directory creation.
(closes: #250070)
Files:
1512948c4fb1943427b5237ad201defc 747 games optional armagetron_0.2.7.0-1.dsc
4d32b8909f9dec09d57f3e026c9fa601 7600741 games optional
armagetron_0.2.7.0.orig.tar.gz
94c37961204030c9848380dedabb9069 13053 games optional
armagetron_0.2.7.0-1.diff.gz
9b532218b2a305e828bfa309c2ff9944 106600 games optional
armagetron-common_0.2.7.0-1_all.deb
046e94ba8036e7a9daf344f77002cbd4 1083130 games optional
armagetron_0.2.7.0-1_i386.deb
61ac7668f1f9245615ef18c7f88e91c6 430724 games optional
armagetron-server_0.2.7.0-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCHn3SEYFwMgSICkQRAr7QAJ9H5KibvIULXIIU38g1DN0PNXg+xACgpX82
ZmK28tYe+35UhiC0N0IfzF0=
=FOEO
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
