Your message dated Fri, 24 Mar 2017 12:32:29 +
with message-id
and subject line Bug#857699: fixed in ioquake3 1.36+u20140802+gca9eebb-2+deb8u1
has caused the Debian Bug report #857699,
regarding ioquake3: CVE-2017-6903: privilege escalation by auto-downloaded files
to be marked as done.
This
>
> [Attack Type]
> Remote
>
> --
>
> [Impact Code execution]
> true
>
> --
>
> [Attack Vectors]
> Connect to a malicious game server, or connect to a non-malicious game
> server in the presen
FYI, the ioquake3.org blog post was updated to reference me as the reporter.
On Tue, Mar 14, 2017 at 4:42 PM, Victor Roemer wrote:
> Any way we can amend that?
>
> On Tue, Mar 14, 2017 at 3:31 PM, Simon McVittie wrote:
>
>> On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
>> > I orig
Any way we can amend that?
On Tue, Mar 14, 2017 at 3:31 PM, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
> > I originally reported the vulnerability to ioquake3. I'd like to help
> with the
> > CVE however I can.
> > I'm not familiar with CVE reports which
On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
> I originally reported the vulnerability to ioquake3. I'd like to help with the
> CVE however I can.
> I'm not familiar with CVE reports which is why one hasn't already been
> written.
MITRE's new process really doesn't help matters the
Thank you for your submission. It will be reviewed by a CVE Assignment Team
member.
Changes, additions, or updates to your request can be sent to the CVE Team by
replying directly to this email.
Please do not change the subject line, which allows us to effectively track
your request.
CVE Ass
Hi guys,
I originally disclosed the bug to ioquake3. I would like to help however I
can with the CVE.
I am not familiar with the CVE creation process which is why one has been
created by myself.
Thanks
Victor
Hi guys,
I originally reported the vulnerability to ioquake3. I'd like to help with
the CVE however I can.
I'm not familiar with CVE reports which is why one hasn't already been
written.
Thanks,
Victor
Hi,
I heard upstream is not gonna create a CVE, so go ahead..
Cheers,
Daniel
On 14.03.2017 17:44, Salvatore Bonaccorso wrote:
Hi Simon,
On Tue, Mar 14, 2017 at 08:30:36AM +, Simon McVittie wrote:
cc'ing security team for information. No CVE ID yet, I assume ioquake3
upstream will be requ
Hi Simon,
On Tue, Mar 14, 2017 at 08:30:36AM +, Simon McVittie wrote:
> cc'ing security team for information. No CVE ID yet, I assume ioquake3
> upstream will be requesting one (or if not I will).
heard anything about that yet? If so can you request a CVE via
https://cveform.mitre.org/ and lo
On 14.03.2017 09:30, Simon McVittie wrote:
Thanks for reporting, I'll fix this ASAP.
Awesome, thanks for the prompt reaction!
Looks like I need to teach ioquake3 upstream about coordinated
disclosure, or remind them that their game is in distributions.
That might be a good idea, I had th
On Tue, Mar 14, 2017 at 12:18:27PM +, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 08:30:36 +, Simon McVittie wrote:
> > On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> > > earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> > > could let malicious m
On Tue, 14 Mar 2017 at 08:30:36 +, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> > earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> > could let malicious multiplayer servers execute code on connecting clients.
> > It affects al
Your message dated Tue, 14 Mar 2017 11:34:06 +
with message-id
and subject line Bug#857699: fixed in ioquake3 1.36+u20161101+dfsg1-2
has caused the Debian Bug report #857699,
regarding ioquake3 has a security vulnerability
to be marked as done.
This means that you claim that the problem has
Control: tags 857699 + security
Control: clone 857699 -2 -3
Control: reassign -2 iortcw 1.42b+20150930+dfsg1-1
Control: reassign -3 openjk 0~20150430+dfsg1-1
On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> c
Processing control commands:
> tags 857699 + security
Bug #857699 [ioquake3] ioquake3 has a security vulnerability
Ignoring request to alter tags of bug #857699 to the same tags previously set
> clone 857699 -2 -3
Bug #857699 [ioquake3] ioquake3 has a security vulnerability
Bug 857699 clo
Package: ioquake3
Version: 1.36
Severity: grave
Hi,
earlier today ioquake3 fixed a vulnerability that, as far as I
understand, could let malicious multiplayer servers execute code on
connecting clients.
It affects all prior versions of ioquake3 (and I think also original
Quake 3).
Details:
h