Hi, attached is an updated version of the patch which fixes similar format string bugs in the same file. Kind regards Nico
-- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u alien-arena-6.05/debian/patches/00list alien-arena-6.05/debian/patches/00list
--- alien-arena-6.05/debian/patches/00list
+++ alien-arena-6.05/debian/patches/00list
@@ -5,0 +6 @@
+fix-CVE-2007-4754-CVE-2007-4755.dpatch
diff -u alien-arena-6.05/debian/changelog alien-arena-6.05/debian/changelog
--- alien-arena-6.05/debian/changelog
+++ alien-arena-6.05/debian/changelog
@@ -1,3 +1,12 @@
+alien-arena (6.05-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Included fix-CVE-2007-4754-CVE-2007-4755.dpatch to
+ fix format string vulnerability and possible denial of service
+ via client_connect (CVE-2007-4754, CVE-2007-4755) (Closes: #442075).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sat, 15 Sep 2007 02:39:15 +0200
+
 alien-arena (6.05-4) unstable; urgency=low

 [ Andres Mejia ]
only in patch2:
unchanged:
--- alien-arena-6.05.orig/debian/patches/fix-CVE-2007-4754-CVE-2007-4755.dpatch
+++ alien-arena-6.05/debian/patches/fix-CVE-2007-4754-CVE-2007-4755.dpatch
@@ -0,0 +1,78 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix-CVE-2007-4754-CVE-2007-4755.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+ [EMAIL PROTECTED]@
+diff -urNad alien-arena-6.05~/source/game/acesrc/acebot_cmds.c alien-arena-6.05/source/game/acesrc/acebot_cmds.c
+--- alien-arena-6.05~/source/game/acesrc/acebot_cmds.c 2007-03-24 03:28:55.000000000 +0100
++++ alien-arena-6.05/source/game/acesrc/acebot_cmds.c 2007-09-15 16:37:24.000000000 +0200
+@@ -142,7 +142,7 @@
+ va_end (argptr);
+
+ if (dedicated->value)
+- gi.cprintf(NULL, PRINT_MEDIUM, bigbuffer);
++ gi.cprintf(NULL, PRINT_MEDIUM, "%s", bigbuffer);
+
+ for (i=0 ; i<maxclients->value ; i++)
+ {
+@@ -150,7 +150,7 @@
+ if (!cl_ent->inuse || cl_ent->is_bot)
+ continue;
+
+- gi.cprintf(cl_ent, PRINT_MEDIUM, bigbuffer);
++ gi.cprintf(cl_ent, PRINT_MEDIUM, "%s", bigbuffer);
+ }
+
+ }
+@@ -171,7 +171,7 @@
+ len = vsprintf (bigbuffer,fmt,argptr);
+ va_end (argptr);
+
+- gi.cprintf(ent, printlevel, bigbuffer);
++ gi.cprintf(ent, printlevel, "%s", bigbuffer);
+
+ }
+
+@@ -191,7 +191,7 @@
+ len = vsprintf (bigbuffer,fmt,argptr);
+ va_end (argptr);
+
+- gi.centerprintf(ent, bigbuffer);
++ gi.centerprintf(ent,"%s", bigbuffer);
+
+ }
+
+@@ -211,7 +211,7 @@
+ va_end (argptr);
+
+ if (dedicated->value)
+- gi.cprintf(NULL, printlevel, bigbuffer);
++ gi.cprintf(NULL, printlevel, "%s", bigbuffer);
+
+ for (i=0 ; i<maxclients->value ; i++)
+ {
+@@ -219,7 +219,7 @@
+ if (!cl_ent->inuse || cl_ent->is_bot)
+ continue;
+
+- gi.cprintf(cl_ent, printlevel, bigbuffer);
++ gi.cprintf(cl_ent, printlevel, "%s", bigbuffer);
+ }
+ }
+
+diff -urNad alien-arena-6.05~/source/server/sv_ccmds.c alien-arena-6.05/source/server/sv_ccmds.c
+--- alien-arena-6.05~/source/server/sv_ccmds.c 2007-03-04 00:43:03.000000000 +0100
++++ alien-arena-6.05/source/server/sv_ccmds.c 2007-09-15 16:33:07.000000000 +0200
+@@ -790,8 +790,8 @@
+ Com_Printf ("%7i ", svs.realtime - cl->lastmessage );
+
+ s = NET_AdrToString ( cl->netchan.remote_address);
+- Com_Printf ("%s", s);
+- l = 22 - strlen(s);
++ Com_Printf ("suppressed");
++ l = 22 - strlen("suppressed");
+ for (j=0 ; j<l ; j++)
+ Com_Printf (" ");
+
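Review bot: The context lines of the `@@ -171,7` and `@@ -191,7` hunks in acebot_cmds.c still show `len = vsprintf (bigbuffer,fmt,argptr);`, so the message is expanded into `bigbuffer` with no length limit before the now-safe `"%s"` call prints it. The patch closes the format-string path but not that write; bounding it with `len = vsnprintf (bigbuffer, sizeof(bigbuffer), fmt, argptr);` would cover it, assuming `bigbuffer` is an array in scope. Its declaration and the start of each function are outside the hunks, and the `-142` and `-211` hunks presumably follow the same pattern, so all of the wrappers in this file should be checked. Separately, in sv_ccmds.c the `s = NET_AdrToString (...)` assignment appears to have no remaining use in the visible lines once the address column prints `"suppressed"`, and the dpatch header still reads `## DP: No description.`. A one-line DP description stating that the status output no longer shows client addresses, and which CVE that relates to, would help the next maintainer.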