Package: armagetron
Version: 0.2.7.0-1.1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3673: "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier
allows remote attackers to cause a denial of service (application crash)
via a large owner value, which causes an assert error."

CVE-2006-3674: "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier
allows remote attackers to cause a denial of service (CPU consumption)
via a large number handled by the id_req_handler function."

There are more specific details and vague instructions on how to
reproduce this issue in the original advisory [1].  I have not
attempted to reproduce either.  The same advisory claims that "a
patched version will be released soon"; their svn is giving me 503s
right now so I can't confirm if this has happened.

I have not verified if this is present in sarge.

Please mention the CVE in your changelog.

Thanks,

Alec

[1] http://aluigi.altervista.org/adv/atrondos-adv.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEv/6cAud/2YgchcQRApDLAJ9BXxcP7Xru28dZ+C/2cAJE6XTZ4wCg0qLe
K146rXlifPW6iejDdWJYSb4=
=Mk/S
-----END PGP SIGNATURE-----

