Package: alien-arena Version: 6.05-1 Severity: serious Tags: security Hi, two CVEs had been issued against alien-arena: CVE-2007-4754[0]: Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.
CVE-2007-4755[1]: Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged paket from the server to a client. NOTE: client IP addresses are available via product-specific queries. If you fix this issue please include the CVE id in your changelog. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4754 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4755 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpBkTTYHgLNB.pgp
Description: PGP signature
