Your message dated Fri, 18 Aug 2006 21:17:17 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#381378: fixed in freeciv 2.0.8-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: freeciv
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3913:
"Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c,
and (3) a large packet->length value in the handle_unit_orders
function in server/unithand.c."
Please mention the CVE-id in the changelog.
--- End Message ---
--- Begin Message ---
Source: freeciv
Source-Version: 2.0.8-3
We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:
freeciv-client-gtk_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-3_sparc.deb
freeciv-client-xaw3d_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-3_sparc.deb
freeciv-data_2.0.8-3_all.deb
to pool/main/f/freeciv/freeciv-data_2.0.8-3_all.deb
freeciv-server_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-server_2.0.8-3_sparc.deb
freeciv_2.0.8-3.diff.gz
to pool/main/f/freeciv/freeciv_2.0.8-3.diff.gz
freeciv_2.0.8-3.dsc
to pool/main/f/freeciv/freeciv_2.0.8-3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jordi Mallach <[EMAIL PROTECTED]> (supplier of updated freeciv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Aug 2006 11:55:47 +0200
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all sparc
Version: 2.0.8-3
Distribution: unstable
Urgency: high
Maintainer: Debian Freeciv Maintainers <[EMAIL PROTECTED]>
Changed-By: Jordi Mallach <[EMAIL PROTECTED]>
Description:
freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
freeciv-data - Civilization turn based strategy game (game data)
freeciv-server - Civilization turn based strategy game (server files)
Closes: 381378
Changes:
freeciv (2.0.8-3) unstable; urgency=high
.
* Ack vorlon's NMU. Thanks! Closes: #381378.
* Add common/packets.c bits to CVE-2006-3913 from freeciv's SVN
repository.
Files:
cb507b9edf490ca9860c77cc829c5ba3 1031 games optional freeciv_2.0.8-3.dsc
7086d340b57c9915fe67933382015d6c 47681 games optional freeciv_2.0.8-3.diff.gz
85946267fc421767586e6380f9e472fe 3911132 games optional freeciv-data_2.0.8-3_all.deb
de58ee632cc4374b933e366feebbcb9c 428776 games optional freeciv-server_2.0.8-3_sparc.deb
c9ea0e5d9ba02155272f639042e3fc0d 366996 games optional freeciv-client-xaw3d_2.0.8-3_sparc.deb
a5c92649b107d0362861d5955fde045b 392856 games optional freeciv-client-gtk_2.0.8-3_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Debian!
iD8DBQFE5o7c5m0u66uWM3ARAj0rAJsEfljMvGCGOYiF69c4oAyCeX4tyACdGa3o
LMV1xKVjXMh2AtN1OvNHq+E=
=Ayfh
-----END PGP SIGNATURE-----
--- End Message ---