Your message dated Sun, 16 Apr 2023 18:11:36 +0000
with message-id <e1po6qe-0044zs...@fasolo.debian.org>
and subject line Bug#1034190: fixed in sgt-puzzles 20230410.71cf891-1
has caused the Debian Bug report #1034190,
regarding More security bugs in game loading
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034190
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sgt-puzzles
Version: 20230122.806ae71-1
Severity: serious
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Ben Harris found multiple issues in sgt-puzzles where a malformed game
description or save file can lead to a buffer overflow, buffer
overread, use of an uninitialised pointer, integer overflow, null
pointer dereference, division by zero, assertion failure, or memory
leak.  These were fixed upstream over the past few months.

The Debian package doesn't register any media type handler for save
files, so I think this can only be exploited by social-engineering a
user into loading such a file or description.

For most of these bugs, the impact is limited to a crash of the
application.  However, the various memory safety errors may be more
serious.  On some architectures, division by zero does not cause an
exception and this might also be exploitable.

Ben.

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sgt-puzzles depends on:
ii  libc6                2.36-8
ii  libcairo2            1.16.0-7
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0         2.74.6-1
ii  libgtk-3-0           3.24.37-2
ii  libpango-1.0-0       1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1

Versions of packages sgt-puzzles recommends:
ii  chromium [www-browser]  111.0.5563.64-1
ii  firefox [www-browser]   111.0-3
ii  lynx [www-browser]      2.9.0dev.12-1
ii  xdg-utils               1.1.3-4.1

sgt-puzzles suggests no packages.

-- debconf-show failed

--- End Message ---
--- Begin Message ---
Source: sgt-puzzles
Source-Version: 20230410.71cf891-1
Done: Ben Hutchings <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
sgt-puzzles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1034...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <b...@debian.org> (supplier of updated sgt-puzzles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Apr 2023 01:30:57 +0200
Source: sgt-puzzles
Architecture: source
Version: 20230410.71cf891-1
Distribution: experimental
Urgency: medium
Maintainer: Ben Hutchings <b...@debian.org>
Changed-By: Ben Hutchings <b...@debian.org>
Closes: 642207 905852 1034190
Changes:
 sgt-puzzles (20230410.71cf891-1) experimental; urgency=medium
 .
   * New upstream version:
     - Note in the documentation that Pattern clues are in order
       (Closes: #642207)
     - Solo: cope with pencil marks when tilesize == 1 (Closes: #905852)
     - Multiple fixes for security issues in game loading (Closes: #1034190)
   * d/rules: Fix various bugs in update-upstream rule
Checksums-Sha1:
 c42f466b48efaf293b444dd92e61b738b40b4b6a 2044 sgt-puzzles_20230410.71cf891-1.dsc
 7f76b870013065afcc2ed8de7ea08a29d8c46f9b 922180 sgt-puzzles_20230410.71cf891.orig.tar.xz
 2c0f96062deb99f8c47696a12404045e41cf51c9 99860 sgt-puzzles_20230410.71cf891-1.debian.tar.xz
 bb50ce8544f4cfc5cbb89610ee185e0f6ff7ec11 15341 sgt-puzzles_20230410.71cf891-1_amd64.buildinfo
Checksums-Sha256:
 0723aa3fcd750fdf5c2717c04b4bce4daa3f458e5e18e47effb16a1527453e1a 2044 sgt-puzzles_20230410.71cf891-1.dsc
 09c8aa5af21a79e57feb4070501384f8e1195bb3675f69c1906565738dc5cd14 922180 sgt-puzzles_20230410.71cf891.orig.tar.xz
 f7d708763b5ccecf5c2315056483e293874964e3819cb583e913b25df700f3d3 99860 sgt-puzzles_20230410.71cf891-1.debian.tar.xz
 fdfc13b17fea75dceed45a6cf72067c1f414ee972848dced90a49d34860b03ca 15341 sgt-puzzles_20230410.71cf891-1_amd64.buildinfo
Files:
 c31ff0eeec49c55ab704acb263f68727 2044 games optional sgt-puzzles_20230410.71cf891-1.dsc
 95ba56e31059fa0da7d5f8c0cf6044ec 922180 games optional sgt-puzzles_20230410.71cf891.orig.tar.xz
 b32339b3b6e807a8793eadadb2be5a9e 99860 games optional sgt-puzzles_20230410.71cf891-1.debian.tar.xz
 85ecc77c9aa3903f7d93b80e0fcfae84 15341 games optional sgt-puzzles_20230410.71cf891-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
