Your message dated Wed, 11 Mar 2015 11:33:48 +0000
with message-id <e1yvety-0002bt...@franck.debian.org>
and subject line Bug#780178: fixed in armagetronad 0.2.8.3.2-4
has caused the Debian Bug report #780178,
regarding armagetronad: several security vulnerabilities and network packets
can terminate the connection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
780178: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780178
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: armagetronad
Version: 0.2.8.3.2-1
Severity: serious
Tags: security
A new version of ArmagetronAD was released a few days ago which fixes
primarily possible security vulnerabilities and crashes.
From the release notes:
"The practically exploitable bug that was fixed was an error in the
network error handling. In client mode, any received packet that
causes an exception during processing would terminate the connection
to the server. Regular game clients are usually well protected by a
NAT router that would not let such packets from attackers through.
Game servers are only vulnerable during the brief period while they
are communicating with the master servers, and the effect then is that
the server will not advertise itself.
Another theoretically exploitable bug was that very short UDP packets
would cause a read beyond the input buffer. The same buffer as last
time, embarrassingly, but this time off the other end and with maximum
offset 2."
I have talked to upstream who provided a minimal patch which I intend
to apply. I think it should be fixed for Jessie and Wheezy since the
vulnerability is remotely exploitable.
Regards,
Markus
--- End Message ---
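The two failure modes quoted from the release notes (a read past the input buffer on very short UDP packets, and a per-packet processing error tearing down the connection) can be illustrated with the following added example. It is not upstream's patch or Armagetron's code: the wire layout, `conn_t`, `parse_datagram` and `handle_datagram` are hypothetical names and formats chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout (not Armagetron's real format), big-endian:
 *   [type:u16][len:u16 = payload bytes][payload] ... [sender_id:u16 trailer] */
enum { TRAILER_LEN = 2, MSG_HDR_LEN = 4 };
typedef struct { int connected; unsigned accepted, dropped; } conn_t;

/* Constructed sample datagrams. */
static const uint8_t GOOD[]     = {0x00,0x01, 0x00,0x02, 0xAA,0xBB, 0x00,0x07};
static const uint8_t ONE_BYTE[] = {0x00};
static const uint8_t OVERLONG[] = {0x00,0x01, 0x00,0x09, 0xAA, 0x00,0x07};

/* Bounds-checked 16-bit read: fails instead of touching bytes past len. */
static int read_u16(const uint8_t *buf, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Returns the number of messages in the datagram, or -1 if malformed. */
int parse_datagram(const uint8_t *buf, size_t len, uint16_t *sender) {
    size_t off = 0, body;
    int count = 0;
    if (len < TRAILER_LEN) return -1;        /* 0- or 1-byte datagram */
    body = len - TRAILER_LEN;                /* cannot underflow: len >= 2 */
    if (read_u16(buf, len, body, sender) != 0) return -1;
    while (off < body) {
        uint16_t type, plen;
        if (read_u16(buf, body, off, &type) != 0) return -1;
        if (read_u16(buf, body, off + 2, &plen) != 0) return -1;
        if (plen > body - off - MSG_HDR_LEN) return -1;  /* payload overruns */
        off += MSG_HDR_LEN + plen;
        count++;
    }
    return count;
}

/* A malformed datagram is dropped and counted; connection state is untouched. */
int handle_datagram(conn_t *c, const uint8_t *buf, size_t len) {
    uint16_t sender;
    int n = parse_datagram(buf, len, &sender);
    if (n < 0) { c->dropped++; return -1; }
    c->accepted++;
    return n;
}

int main(void) {
    conn_t c = {1, 0, 0};
    handle_datagram(&c, ONE_BYTE, sizeof ONE_BYTE);  /* dropped */
    handle_datagram(&c, OVERLONG, sizeof OVERLONG);  /* dropped */
    return (handle_datagram(&c, GOOD, sizeof GOOD) == 1 && c.connected) ? 0 : 1;
}
```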
--- Begin Message ---
Source: armagetronad
Source-Version: 0.2.8.3.2-4
We believe that the bug you reported is fixed in the latest version of
armagetronad, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@gambaru.de> (supplier of updated armagetronad package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 10 Mar 2015 08:00:31 +0100
Source: armagetronad
Binary: armagetronad-common armagetronad armagetronad-dedicated
Architecture: source all amd64
Version: 0.2.8.3.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@gambaru.de>
Description:
armagetronad - 3D Tron-like high speed game
armagetronad-common - Common files for the Armagetron Advanced packages
armagetronad-dedicated - dedicated game server for Armagetron Advanced
Closes: 780178
Changes:
armagetronad (0.2.8.3.2-4) unstable; urgency=medium
.
* Add security.patch and fix possible remotely exploitable
security vulnerabilities that could terminate network connections
of client and server. (Closes: #780178)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---