Your message dated Mon, 06 Mar 2006 01:47:08 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#355211: fixed in freeciv 2.0.8-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---Package: freeciv-server Version: 2.0.7-2 Severity: important Jordi - There is a security hole in Freeciv 2.0 allowing a remote user to trigger a server crash (it is unlikely anything more than a crashed civserver would result from the hole). This patch (which will be included in the upcoming 2.0.8 release) will fix it; I recommend you upload it and/or get ready for 2.0.8 in a couple of days. Index: common/packets.c =================================================================== --- common/packets.c (revision 11709) +++ common/packets.c (working copy) @@ -362,13 +362,13 @@ } #endif - if (whole_packet_len > pc->buffer->ndata) { + if ((unsigned)whole_packet_len > pc->buffer->ndata) { return NULL; /* not all data has been read */ } #ifdef USE_COMPRESSION if (compressed_packet) { - int compressed_size = whole_packet_len - header_size; + uLong compressed_size = whole_packet_len - header_size; /* * We don't know the decompressed size. We assume a bad case * here: an expansion by an factor of 100. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages freeciv-server depends on: ii freeciv-data 2.0.7-2 Civilization turn based strategy g ii libc6 2.3.6-2 GNU C Library: Shared libraries an ii libreadline5 5.1-6 GNU readline and history libraries ii zlib1g 1:1.2.3-9 compression library - runtime freeciv-server recommends no packages. -- no debconf information
--- End Message ---
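Review bot: In the `USE_COMPRESSION` branch, `compressed_size` is now a `uLong`, so `whole_packet_len - header_size` wraps to a very large value whenever the length is smaller than the header, and nothing in the visible context rejects that case before the subtraction. I would add an explicit lower-bound check ahead of that line (reject the packet when `whole_packet_len < header_size`) rather than rely on later code to cope with the wrapped value. On the first change, the `(unsigned)` cast makes the comparison with `pc->buffer->ndata` hold when `whole_packet_len` is negative, but the intent is implicit; a short comment or an explicit range check on `whole_packet_len` would document why the cast is there. The trailing comment mentions assuming an expansion by a factor of 100, so it is also worth confirming that the size derived from `compressed_size` cannot overflow now that the type is unsigned.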
--- Begin Message ---
Source: freeciv
Source-Version: 2.0.8-1

We believe that the bug you reported is fixed in the latest version of freeciv, which is due to be installed in the Debian FTP archive:

freeciv-client-gtk_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-1_i386.deb
freeciv-client-xaw3d_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-1_i386.deb
freeciv-data_2.0.8-1_all.deb
  to pool/main/f/freeciv/freeciv-data_2.0.8-1_all.deb
freeciv-server_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-server_2.0.8-1_i386.deb
freeciv_2.0.8-1.diff.gz
  to pool/main/f/freeciv/freeciv_2.0.8-1.diff.gz
freeciv_2.0.8-1.dsc
  to pool/main/f/freeciv/freeciv_2.0.8-1.dsc
freeciv_2.0.8.orig.tar.gz
  to pool/main/f/freeciv/freeciv_2.0.8.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <[EMAIL PROTECTED]> (supplier of updated freeciv package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 6 Mar 2006 10:03:06 +0100
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all i386
Version: 2.0.8-1
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <[EMAIL PROTECTED]>
Changed-By: Jordi Mallach <[EMAIL PROTECTED]>
Description:
 freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
 freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
 freeciv-data - Civilization turn based strategy game (game data)
 freeciv-server - Civilization turn based strategy game (server files)
Closes: 355211
Changes:
 freeciv (2.0.8-1) unstable; urgency=high
 .
   * New upstream release.
     - [SECURITY: CVE-2006-0047] fixes a remote Denial of Service in
       civserver (closes: #355211).
   [ Clint Adams ]
   * debian/control, debian/rules: switch from dpatch to quilt.
--- End Message ---

