Bug#857714: marked as done (ioquake3 has a security vulnerability)

Tue, 14 Mar 2017 03:52:19 -0700 

Your message dated Tue, 14 Mar 2017 10:48:41 +0000
with message-id <e1cnk0p-0005zw...@fasolo.debian.org>
and subject line Bug#857714: fixed in iortcw 1.50a+dfsg1-3
has caused the Debian Bug report #857714,
regarding ioquake3 has a security vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ioquake3
Version: 1.36
Severity: grave

Hi,
earlier today ioquake3 fixed a vulnerability that, as far as I understand, could let malicious multiplayer servers execute code on connecting clients. It affects all prior versions of ioquake3 (and I think also original Quake 3). Details: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/ 

So you should probably update to latest ioq3 git or backport the fix.

Cheers,
Daniel

--- End Message ---
--- Begin Message --- 
Source: iortcw
Source-Version: 1.50a+dfsg1-3

We believe that the bug you reported is fixed in the latest version of
iortcw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated iortcw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Mar 2017 09:37:19 +0000
Source: iortcw
Binary: rtcw rtcw-common rtcw-server
Architecture: source
Version: 1.50a+dfsg1-3
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Closes: 857714
Description: 
 rtcw-common - common files for Return to Castle Wolfenstein
 rtcw       - game engine for Return to Castle Wolfenstein
 rtcw-server - standalone server for Return to Castle Wolfenstein
Changes:
 iortcw (1.50a+dfsg1-3) unstable; urgency=high
 .
   * d/gbp.conf: switch branch to debian/stretch for updates during freeze
   * d/patches: Add patches from upstream fixing security vulnerabilities
     - refuse to load potentially auto-downloadable .pk3 files as
       iortcw renderers, iortcw game code, libcurl, or OpenAL drivers
       (mitigation: auto-downloading is off by default, and in Debian
       we do not dlopen libcurl anyway)
     - refuse to load default configuration file names from a .pk3 file
     - protect cl_renderer, cl_curllib, s_aldriver configuration variables so
       game code cannot set them
     - refuse to overwrite files other than *.txt with the dump console
       command
     - refuse to overwrite files other than *.cfg with the writeconfig
       console command
     (Closes: #857714)
Checksums-Sha1: 
 8ce0ab7e6cdb5faa8bc67dd9a386e85f4986c151 2247 iortcw_1.50a+dfsg1-3.dsc
 e4edac62ee8b2fc81a3e399011b409d92cc7e194 31812 
iortcw_1.50a+dfsg1-3.debian.tar.xz
Checksums-Sha256: 
 9e9fd42c9c7a48215950bc827f791d50c99d7b64cedcc36493e467f0b6f0d70b 2247 
iortcw_1.50a+dfsg1-3.dsc
 8ac7c810902acede665b1e1457c1dd12549a414e28d41123e6704baf2e19a470 31812 
iortcw_1.50a+dfsg1-3.debian.tar.xz
Files: 
 42665eac07c13b16c0bfbc838b845ed5 2247 contrib/games optional 
iortcw_1.50a+dfsg1-3.dsc
 b4a440635daa61d617cc2c9ea9d9208d 31812 contrib/games optional 
iortcw_1.50a+dfsg1-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljHw+kACgkQTej/KmPH
zJDGAQ/7Bp1n70xwxsic8sM5Wl++FtG6wUJYJDZYi8phqVgq+q4iNLe7yknvkNWa
itfXlbFBeGHAnagrJ316acKZh3xtaJ5DBsZNhd4Zs8uGfGQVkWK8610FcegIEVGy
UenjuhxqIcoCrzD6gUSOV1TIB13z7fRWhhK+jRD/ILDU1OI3ta17EkfEX6UOu08P
yf+QGG2yaiym74PtzKhykHBjNdiIVCiEq19toVWRB4lxlJ6+YB3FIR7kGm3QxGob
BymV1D2HNbdLnchQdV+Fyfe/ZbfXxIhqCs+WA7W5D+I7XAMN9c4rs7+molDGNAO2
lZ9vn5wEbOuUeVEaGDIXRS2uSvPlThfr0XcWVhp4GjTjds2cnsxfMfmTmjZVCvGD
i7pb7xuzJCk0dC2imoeArszmubnQVtx9HOugF/rgoFO+QxY2IPpzYAiNsZAj81N2
GyWW49Zkr/9NWDCc/KD2LzAbVy+lY53n8kAvZN0e+d5lIX463iQvk7C5Ix52S6AK
JWekFtU78Yxu1ZtHpi1Xw+46FH2CnIpfrM8s4YWYv9o4u7/tlKa4M8bpu3On3G9E
3mmQEE/UR2ap26dYQ9iL0h6x++70B2uH7O2Yi+8IzgHnnCMTGUAFpvsIzClxyWqX
z8x3td3eVnA97J/9PeOWE7iGhICCJMRjx4fiyaZJ0MBhRdsXGVo=
=4Bhy
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to