CVE-2010-4168

Related Vulnerabilities: CVE-2010-4168  

Debian Bug report logs - #603752
CVE-2010-4168


Package: openttd; Maintainer for openttd is Matthijs Kooijman <matthijs@stdin.nl>; Source for openttd is src:openttd (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 16 Nov 2010 22:39:02 UTC

Severity: grave

Tags: security

Fixed in version openttd/1.0.4-2

Done: Matthijs Kooijman <matthijs@stdin.nl>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthijs Kooijman <matthijs@stdin.nl>:
Bug#603752; Package openttd. (Tue, 16 Nov 2010 22:39:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthijs Kooijman <matthijs@stdin.nl>. (Tue, 16 Nov 2010 22:39:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-4168
Date: Tue, 16 Nov 2010 23:35:43 +0100
Package: openttd
Severity: grave
Tags: security

Please see http://security.openttd.org/en/CVE-2010-4168
and upload an updated package with the referenced patch.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Kooijman <matthijs@stdin.nl>:
Bug#603752; Package openttd. (Thu, 18 Nov 2010 00:36:03 GMT)


Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Kooijman <matthijs@stdin.nl>. (Thu, 18 Nov 2010 00:36:03 GMT)


Message #10 received at 603752@bugs.debian.org:

From: Steven Chamberlain <steven@pyro.eu.org>
To: 603752@bugs.debian.org
Subject: Re: CVE-2010-4168
Date: Thu, 18 Nov 2010 00:31:54 +0000

Hi,

Just thought I'd mention, I had trouble connecting to multiplay servers 
*before* I applied this patch, despite the suggestion it 'does not 
change network compatibility at all'.

Anyway, I've play-tested it with the patch, which applies cleanly, 
except it needed CRLF to LF conversion (fromdos), and a modification to 
apply with 'patch -p1' (sed -i 's/src/openttd\/src/').  The direct URL 
to it is:

http://security.openttd.org/en/patch/28.patch

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
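
The two preparation steps described in the message above (CRLF to LF conversion and adding a leading path component so the patch applies with `patch -p1`), as an added example that is not part of the original report or of the OpenTTD patch. It goes beyond the one-line `sed` by rewriting only file-header lines, so hunk content that mentions `src` stays untouched. The `openttd` prefix comes from the message; the sample patch and its file name are constructed.

```shell
#!/bin/sh
# normalize_patch PREFIX < in.patch > out.patch
#   1. strips the trailing CR of CRLF line endings (what fromdos does)
#   2. prepends PREFIX/ to the path on "--- ", "+++ " and "Index: " lines,
#      but only outside hunk bodies: the "@@ -a,b +c,d @@" counts are used
#      to skip hunk lines, which may themselves start with "--- " or "+++ "
normalize_patch() {
    awk -v prefix="$1" '
    { sub(/\r$/, "") }                          # CRLF -> LF
    old > 0 || new > 0 {                        # inside a hunk body
        c = substr($0, 1, 1)
        if (c == "-") old--                     # removed line
        else if (c == "+") new--                # added line
        else if (c != "\\") { old--; new-- }    # context line
        print; next
    }
    /^@@ / {                                    # hunk header
        split($2, o, ","); split($3, n, ",")
        old = (o[2] == "") ? 1 : o[2] + 0       # count defaults to 1
        new = (n[2] == "") ? 1 : n[2] + 0
        print; next
    }
    /^(--- |\+\+\+ |Index: )/ {                 # file header lines
        i = index($0, " ")
        $0 = substr($0, 1, i) prefix "/" substr($0, i + 1)
    }
    { print }
    '
}

# Constructed CRLF patch; the file name and contents are made up.
sample_patch() {
    printf '%s\r\n' \
        'Index: src/example.cpp' \
        '--- src/example.cpp' \
        '+++ src/example.cpp' \
        '@@ -1,3 +1,3 @@' \
        ' #include "src/core.h"' \
        '--- src/legacy marker' \
        '+++ src/new marker' \
        ' }'
}

sample_patch | normalize_patch openttd
```

The normalized output can then be checked with `patch -p1 --dry-run` from the directory above `src/` before it is applied for real.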




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#603752; Package openttd. (Thu, 18 Nov 2010 21:21:06 GMT)


Acknowledgement sent to Matthijs Kooijman <matthijs@stdin.nl>:
Extra info received and forwarded to list. (Thu, 18 Nov 2010 21:21:06 GMT)


Message #15 received at 603752@bugs.debian.org:

From: Matthijs Kooijman <matthijs@stdin.nl>
To: Steven Chamberlain <steven@pyro.eu.org>, 603752@bugs.debian.org, Moritz Muehlenhoff <jmm@debian.org>
Subject: Re: Bug#603752: CVE-2010-4168
Date: Thu, 18 Nov 2010 21:54:21 +0100

Hi folks,

thanks for reporting and testing!

> Just thought I'd mention, I had trouble connecting to multiplay servers  
> *before* I applied this patch, despite the suggestion it 'does not  
> change network compatibility at all'.
I've double-checked this with upstream: There's really no way this can
affect connecting, since the changed code is only run at disconnects.
I've also checked myself, I could join servers with an unpatched servers
normally.

Perhaps you had some other transient problem?

I'm preparing an upload right now, so this should be fixed soon.

Gr.

Matthijs

Reply sent to Matthijs Kooijman <matthijs@stdin.nl>:
You have taken responsibility. (Thu, 18 Nov 2010 21:51:09 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 18 Nov 2010 21:51:09 GMT)


Message #20 received at 603752-close@bugs.debian.org:

From: Matthijs Kooijman <matthijs@stdin.nl>
To: 603752-close@bugs.debian.org
Subject: Bug#603752: fixed in openttd 1.0.4-2
Date: Thu, 18 Nov 2010 21:47:11 +0000
Source: openttd
Source-Version: 1.0.4-2

We believe that the bug you reported is fixed in the latest version of
openttd, which is due to be installed in the Debian FTP archive:

openttd-data_1.0.4-2_all.deb
  to main/o/openttd/openttd-data_1.0.4-2_all.deb
openttd_1.0.4-2.debian.tar.gz
  to main/o/openttd/openttd_1.0.4-2.debian.tar.gz
openttd_1.0.4-2.dsc
  to main/o/openttd/openttd_1.0.4-2.dsc
openttd_1.0.4-2_amd64.deb
  to main/o/openttd/openttd_1.0.4-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 603752@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthijs Kooijman <matthijs@stdin.nl> (supplier of updated openttd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 18 Nov 2010 21:45:54 +0100
Source: openttd
Binary: openttd openttd-data
Architecture: source amd64 all
Version: 1.0.4-2
Distribution: unstable
Urgency: high
Maintainer: Matthijs Kooijman <matthijs@stdin.nl>
Changed-By: Matthijs Kooijman <matthijs@stdin.nl>
Description: 
 openttd    - reimplementation of Transport Tycoon Deluxe with enhancements
 openttd-data - common data files for the OpenTTD game
Closes: 603752
Changes: 
 openttd (1.0.4-2) unstable; urgency=high
 .
   * [31f64cb] Add patch for CVE-2010-4168. (Closes: #603752)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 18 Dec 2010 07:33:50 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:15:53 2019; Machine Name: buxtehude