Your message dated Wed, 31 Aug 2022 19:20:01 +0000
with message-id <e1ottfp-00gppo...@fasolo.debian.org>
and subject line Bug#1017579: fixed in freeciv 3.0.3-1
has caused the Debian Bug report #1017579,
regarding freeciv: CVE-2022-3904: Modpack Installer buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1017579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freeciv
Version: 2.6.6-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Quoting from the announcement posted to oss-security (no CVE is
available):
----------------------------------------------------------------------
Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it.
Freeciv source tarballs are available from
https://www.freeciv.org/download.html for current 3.0, and from
https://www.freeciv.org/wiki/Old_downloads for 2.6.
In case you can't make full version update at the moment, bug tracker
ticket has also a patch for this single issue attached:
https://osdn.net/projects/freeciv/ticket/45299
----------------------------------------------------------------------
--- End Message ---
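The failure mode described in the quoted announcement, as an added illustration that is not freeciv's code and not part of the original messages: a length derived from the position of the last '/' becomes (unsigned)(-1) when the URL has none. The function names, the 64-byte buffer and the way the length is computed are assumptions made for this sketch; the unchecked variant only returns the length and performs no copy.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_BUF 64 /* assumed size of the destination buffer */

/* Bug pattern: scan back for the last '/', then use the index as an
 * unsigned copy length. With no '/' the index ends at -1. Only the length
 * is returned here; no copy is performed. */
size_t unchecked_copy_len(const char *url)
{
    int i = (int)strlen(url) - 1;
    while (i >= 0 && url[i] != '/') {
        i--;
    }
    return (size_t)(unsigned)i; /* -1 becomes UINT_MAX */
}

/* Hardened: reject URLs without '/', and prefixes that do not fit.
 * Returns 0 on success, -1 on rejection; dst is left empty on rejection. */
int copy_url_prefix(char *dst, size_t dst_size, const char *url)
{
    const char *slash = strrchr(url, '/');
    size_t len;

    if (dst_size == 0) return -1;
    dst[0] = '\0';
    if (slash == NULL) return -1;
    len = (size_t)(slash - url) + 1; /* keep the trailing '/' */
    if (len >= dst_size) return -1;
    memcpy(dst, url, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *urls[] = { "http://example.org/mp/a.mpdl", "a.mpdl" };
    char buf[PREFIX_BUF];
    size_t k;

    for (k = 0; k < 2; k++) {
        int rc = copy_url_prefix(buf, sizeof buf, urls[k]);
        printf("%-30s unchecked_len=%zu hardened_rc=%d prefix=\"%s\"\n",
               urls[k], unchecked_copy_len(urls[k]), rc, buf);
    }
    return 0;
}
```

A length of UINT_MAX passed to a bounded copy such as strncpy() no longer bounds anything, which is why the whole string ends up written past the buffer.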
--- Begin Message ---
Source: freeciv
Source-Version: 3.0.3-1
Done: Tobias Frost <t...@debian.org>
We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1017...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated freeciv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 31 Aug 2022 20:39:45 +0200
Source: freeciv
Architecture: source
Version: 3.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 631775 984807 1013426 1013429 1017579
Changes:
freeciv (3.0.3-1) unstable; urgency=medium
.
* New upstream release. (Closes: #631775, #1013429, #1017579)
* Refreshing patches.
* Fix cleaning of project to prepare for build two time… (Closes: #1013426)
  * remove lua in d/clean, not just prior to build
  * that allows one to drop some overrides from d/rules
* Use upstreams configure flag enable-sys-lua=yes, but that still needs
  patching of configure.ac and a Makefile.am.
* Break/Replaces on freeciv-data are no longer needed (version fulfilled
  since oldstable.)
* Retire package freeciv-sound-standard and merge it into
  freeciv-data. (Closes: #984807)
* Update d/copyright.
* Bump S-V to 4.6.1, no changes needed.
* Fix manpage section of ruledit.6 (manpage.patch).
* Add symlink to freeciv-gtk3.6 manpage.
* Change dh_missing policy to fail-missing.
* Specify Rules-Requires-Root:no.
* Simplify d/rules.
* Add patch with spelling fixes.
* Adding myself as uploaders.
* Removing Karl Goetz from uploaders. Thanks for your past work!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---