Your message dated Wed, 22 Feb 2012 10:31:07 +0000
with message-id <4f44c3eb.2090...@debian.org>
and subject line Re: Bug#660827: tremulous: CVE-2006-2236 ("the remapShader
exploit") can lead to arbitrary code execution
has caused the Debian Bug report #660827,
regarding tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to
arbitrary code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
660827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660827
--- Begin Message ---
Package: tremulous
Version: 1.1.0-4.1
Severity: grave
Tags: security
Justification: user security hole

CVE-2006-2236 is a buffer overflow in the Quake 3 engine, originally
discovered by "landser". Due to missing bounds-checking in COM_StripExtension,
as used by the "remapShader" command, a malicious server can cause clients
connecting to it to execute arbitrary code.

Tremulous is based on a fork of that engine, and version 1.1.0 as shipped
in Debian has the same vulnerability.

The de facto upstream for the Quake 3 engine is ioquake3, in which this
vulnerability was fixed in r765. Debian's ioquake3 package is not vulnerable.
--- End Message ---
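
The bug class named in the report above (a string copy with no bounds check on the destination) next to a bounded form, as an added example. This is not the Quake 3, ioquake3 or Tremulous source: the function names, the 16-byte buffer and the sample paths are constructed for illustration, and failing closed instead of truncating is a design choice of this example.

```c
#include <stdio.h>
#include <string.h>

/* Bug class: the copy length is set by the input alone, so a long
 * name from the peer writes past the end of `out`. Contrast only. */
void strip_ext_unbounded(const char *in, char *out)
{
    while (*in && *in != '.')
        *out++ = *in++;
    *out = '\0';
}

/* Bounded form: the caller states how large `out` is. Strips the last
 * extension of the final path component. Fails closed (empty string,
 * -1) rather than truncating, so a cut-off name is never used. */
int strip_ext_bounded(const char *in, char *out, size_t outsize)
{
    const char *slash, *dot;
    size_t len;

    if (!in || !out || outsize == 0)
        return -1;
    slash = strrchr(in, '/');
    dot = strrchr(slash ? slash : in, '.');
    len = dot ? (size_t)(dot - in) : strlen(in);
    if (len >= outsize) {
        out[0] = '\0';
        return -1;
    }
    memcpy(out, in, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[16];  /* constructed: small fixed-size destination */
    const char *ok = "textures/a.tga";  /* constructed sample inputs */
    const char *big = "textures/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.tga";
    int rc;

    rc = strip_ext_bounded(ok, name, sizeof name);
    printf("rc=%d out='%s'\n", rc, name);
    rc = strip_ext_bounded(big, name, sizeof name);
    printf("rc=%d out='%s'\n", rc, name);
    return 0;
}
```
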
--- Begin Message ---
Version: 1.1.0-7

tremulous (1.1.0-6) unstable; urgency=medium

  * Backport patches from ioquake3 to fix long-standing security bugs:
    - CVE-2006-2082: arbitrary file download from server by a malicious
      client (Closes: #660831)
    - CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking on
      COM_StripExtension, exploitable in clients of a malicious server
      (Closes: #660827)
    - CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
      malicious server (Closes: #660830)
    - CVE-2006-3324: arbitrary file overwriting in clients of a malicious
      server (Closes: #660832)
    - CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
      code execution) in clients of a malicious server (Closes: #660834)
    - CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
      code execution) in clients of a malicious server if auto-downloading
      is enabled (Closes: #660836)
  * As a precaution, disable auto-downloading
  * Backport ioquake3 r1141 to fix a potential buffer overflow in error
    handling (not known to be exploitable, but it can't hurt)
  * Add gcc attributes to all printf- and scanf-like functions, and
    fix non-literal format strings (again, none are known to be exploitable)

 -- Simon McVittie <s...@debian.org>  Wed, 22 Feb 2012 09:07:37 +0000
--- End Message ---