Your message dated Tue, 22 Aug 2017 21:48:29 +0000 with message-id <e1dkh2d-0004gj...@fasolo.debian.org> and subject line Bug#870725: fixed in ioquake3 1.36+u20140802+gca9eebb-2+deb8u2 has caused the Debian Bug report #870725, regarding CVE-2017-11721: read buffer overflow in MSG_ReadBits to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ioquake3 Severity: grave Tags: security Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: ioquake3 Source-Version: 1.36+u20140802+gca9eebb-2+deb8u2 We believe that the bug you reported is fixed in the latest version of ioquake3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <s...@debian.org> (supplier of updated ioquake3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 12 Aug 2017 10:15:49 -0400 Source: ioquake3 Binary: ioquake3 ioquake3-server ioquake3-dbg Architecture: source amd64 Version: 1.36+u20140802+gca9eebb-2+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org> Changed-By: Simon McVittie <s...@debian.org> Description: ioquake3 - Game engine for 3D first person shooter games ioquake3-dbg - debug symbols for the ioquake3 game engine ioquake3-server - Standalone server for ioQuake3 based games Closes: 870725 Changes: ioquake3 (1.36+u20140802+gca9eebb-2+deb8u2) jessie-security; urgency=medium . * Add patch from upstream: + Address read buffer overflow in MSG_ReadBits (CVE-2017-11721) (Closes: #870725) + Check buffer boundary exactly in MSG_WriteBits, instead of potentially failing with a few bytes still available Checksums-Sha1: 74428d865287b740fe942e9c61a1c1de6148bb95 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc dbc1bef688c31dde83efce5f289850c7691720d4 21328 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz e082506121ad0039040f3e2281bc9c71d3c82dc3 1467444 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb 1cb478e031d39aafacfdaca9450c69b4192b4f4b 858832 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb e63c1b73d34d6286529530da8fbaa01213e71bef 5103992 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb Checksums-Sha256: c4d7f5d1fcdc4880aae830fa285e3e34d3f92013389e8ad3169bb8d6e9748e4f 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc 431d0bfd241c03b668496e4d271e0ac687f73acfa3e61afc4a61b1e160bc4821 21328 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz fd4620dae688a1da9930ba643d0196564868e31c2b6ff1c9ce070263bf36b093 1467444 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb 4b46e8a300db691e4d6482a7dd6b9b8d01193bc098901bb716fbd5edff6edfc4 858832 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb 44928de612b490e254e99744230e8fd7759d8d8b4b06de5fc1219e470c94924b 5103992 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb Files: 15b866d299bd49dadcc34345ef9c174a 2487 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc d32e16ee6ae297b0dff0e4c3ba3410d4 21328 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz 682fabb11d7546db34626145ead2b97b 1467444 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb daf0766b20ff78047d94af3dfdf648b2 858832 games optional ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb e65241a904a16c1911b57c85bdf8cde9 5103992 debug extra ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlmPYnQACgkQ4FrhR4+B TE9wkA/8Cle5qH/luXYIP88Kej/xFamqc4K8OHmU1M6uSEpk+UlnG6lVWJc76NJR DdS5d8bLHVD3gaLMPxGhIunXMPVM4gOwdvLBxtDoBy5auTtBLTWS01KGmOSPnfC3 86cVKsftKRDsd5b08sybyXK8H4em7p9DhMdxscB4GJOXxLQybkJGWy9qzebg0E1n 8RZIP7xZvSpA7EzPurH5XIdfftPGFmy6TvluT3WZ1n/L3J8OqpJbUV8M0E3+BLfN 7C/0nME8imeTGVBFtN9AgyGNQzXO3gydcizYW38Qj9M3BQMrZ+smDw6+LHbyhtjC sLBMcgSgvsrZpRhx4Qmnzlfii5sQItQJGUdurQuYPmLmVniaFSVE3KYOersmC4WS xM9tTZAY/63cBLJbMbEjcbkibBkxKnDEhcShIWde6yeK54NVgiF7oiNLoOh4bQhx MRRTDBZDialZE+CIND5NngICE1ns9C1/ITT64bKNYO68hixLYZcBybW2cqZANy8S 4FTXaau2UJVAW4COkB+xcl9N8xx40rYWNwxJeSIFCXbtxNN2Jl9NZTQQFJ9bEIe5 TNBO5olDkcYka/fHoIvhdkFnRsYG0LznAnDwyBGsyamnBXK72JPGuhoGHfvu6EgG QsGPVeE1uP94qJVFEMHLqn1M5NHfDiO9tX346J21T92m+1AToQY= =+EfJ -----END PGP SIGNATURE-----
--- End Message ---
