Debian Bug report logs -
#381378
CVE-2006-3913: arbitrary code execution in freeciv
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 3 Aug 2006 23:18:13 UTC
Severity: grave
Tags: fixed, patch, security
Fixed in version freeciv/2.0.8-3
Done: Jordi Mallach <jordi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#381378
; Package freeciv
.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: freeciv
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3913:
"Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c,
and (3) a large packet->length value in the handle_unit_orders
function in server/unithand.c."
Please mention the CVE-id in the changelog.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#381378
; Package freeciv
.
(full text, mbox, link).
Acknowledgement sent to Martin Schulze <joey@infodrom.org>
:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #10 received at 381378@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Stefan Fritsch wrote:
> Package: freeciv
> Severity: grave
> Tags: security
> Justification: user security hole
>
> CVE-2006-3913:
> "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
> 2006 and earlier, allows remote attackers to cause a denial of service
> (crash) and possibly execute arbitrary code via a (1) negative
> chunk_length or a (2) large chunk->offset value in a
> PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
> generic_handle_player_attribute_chunk function in common/packets.c,
> and (3) a large packet->length value in the handle_unit_orders
> function in server/unithand.c."
>
> Please mention the CVE-id in the changelog.
Attached please find the patch sent to the maintainer already.
Regards,
Joey
--
In the beginning was the word, and the word was content-type: text/plain
Please always Cc to me when replying to me on the lists.
[patch.CVE-2006-3913.freeciv (text/plain, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#381378
; Package freeciv
.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #15 received at 381378@bugs.debian.org (full text, mbox, reply):
tags 381378 patch
thanks
Hi guys,
I've prepared a 0-day NMU for this security bug in freeciv, applying the
relevant bits of the patch Joey sent to the bug report. Please find the
full NMU diff attached.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Tags added: patch
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#381378
; Package freeciv
.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #22 received at 381378@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Wed, Aug 16, 2006 at 07:31:38PM -0700, Steve Langasek wrote:
> tags 381378 patch
> thanks
> Hi guys,
> I've prepared a 0-day NMU for this security bug in freeciv, applying the
> relevant bits of the patch Joey sent to the bug report. Please find the
> full NMU diff attached.
Made you look!
Now try to find the full NMU diff attached /here/.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
[freeciv-381378.diff (text/plain, attachment)]
Tags added: fixed
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Reply sent to Jordi Mallach <jordi@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Stefan Fritsch <sf@sfritsch.de>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #29 received at 381378-close@bugs.debian.org (full text, mbox, reply):
Source: freeciv
Source-Version: 2.0.8-3
We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:
freeciv-client-gtk_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-3_sparc.deb
freeciv-client-xaw3d_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-3_sparc.deb
freeciv-data_2.0.8-3_all.deb
to pool/main/f/freeciv/freeciv-data_2.0.8-3_all.deb
freeciv-server_2.0.8-3_sparc.deb
to pool/main/f/freeciv/freeciv-server_2.0.8-3_sparc.deb
freeciv_2.0.8-3.diff.gz
to pool/main/f/freeciv/freeciv_2.0.8-3.diff.gz
freeciv_2.0.8-3.dsc
to pool/main/f/freeciv/freeciv_2.0.8-3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 381378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Aug 2006 11:55:47 +0200
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all sparc
Version: 2.0.8-3
Distribution: unstable
Urgency: high
Maintainer: Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description:
freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
freeciv-data - Civilization turn based strategy game (game data)
freeciv-server - Civilization turn based strategy game (server files)
Closes: 381378
Changes:
freeciv (2.0.8-3) unstable; urgency=high
.
* Ack vorlon's NMU. Thanks! Closes: #381378.
* Add common/packets.c bits to CVE-2006-3913 from freeciv's SVN
repository.
Files:
cb507b9edf490ca9860c77cc829c5ba3 1031 games optional freeciv_2.0.8-3.dsc
7086d340b57c9915fe67933382015d6c 47681 games optional freeciv_2.0.8-3.diff.gz
85946267fc421767586e6380f9e472fe 3911132 games optional freeciv-data_2.0.8-3_all.deb
de58ee632cc4374b933e366feebbcb9c 428776 games optional freeciv-server_2.0.8-3_sparc.deb
c9ea0e5d9ba02155272f639042e3fc0d 366996 games optional freeciv-client-xaw3d_2.0.8-3_sparc.deb
a5c92649b107d0362861d5955fde045b 392856 games optional freeciv-client-gtk_2.0.8-3_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Debian!
iD8DBQFE5o7c5m0u66uWM3ARAj0rAJsEfljMvGCGOYiF69c4oAyCeX4tyACdGa3o
LMV1xKVjXMh4AtN1OvNHq+E=
=Ayfh
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Jun 2007 16:32:27 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:57:36 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.