Debian Bug report logs -
#550913
dopewars: CVE-2009-3591 denial-of-service
Reported by: Michael S Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 14 Oct 2009 01:57:02 UTC
Severity: important
Tags: security
Found in version dopewars/1.5.12-2
Fixed in version dopewars/1.5.12-9
Done: Francois Marier <francois@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#550913; Package dopewars.
(Wed, 14 Oct 2009 01:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael S Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(Wed, 14 Oct 2009 01:57:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: dopewars
Version: 1.5.12-2
Severity: important
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for dopewars.
CVE-2009-3591[0]:
| Dopewars 1.5.12 allows remote attackers to cause a denial of service
| (segmentation fault) via a REQUESTJET message with an invalid
| location.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
This issue is not severe enough to warrant a DSA, so please coordinate
updates for the next stable/oldstable point releases with the release
team.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3591
http://security-tracker.debian.net/tracker/CVE-2009-3591
Reply sent
to Francois Marier <francois@debian.org>:
You have taken responsibility.
(Sat, 07 Nov 2009 04:21:05 GMT) (full text, mbox, link).
Notification sent
to Michael S Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer.
(Sat, 07 Nov 2009 04:21:06 GMT) (full text, mbox, link).
Message #10 received at 550913-close@bugs.debian.org (full text, mbox, reply):
Source: dopewars
Source-Version: 1.5.12-9
We believe that the bug you reported is fixed in the latest version of
dopewars, which is due to be installed in the Debian FTP archive:
dopewars-data_1.5.12-9_all.deb
to main/d/dopewars/dopewars-data_1.5.12-9_all.deb
dopewars_1.5.12-9.diff.gz
to main/d/dopewars/dopewars_1.5.12-9.diff.gz
dopewars_1.5.12-9.dsc
to main/d/dopewars/dopewars_1.5.12-9.dsc
dopewars_1.5.12-9_amd64.deb
to main/d/dopewars/dopewars_1.5.12-9_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 550913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francois Marier <francois@debian.org> (supplier of updated dopewars package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 07 Nov 2009 16:53:46 +1300
Source: dopewars
Binary: dopewars dopewars-data
Architecture: source amd64 all
Version: 1.5.12-9
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Francois Marier <francois@debian.org>
Description:
dopewars - drug-dealing game set in streets of New York City
dopewars-data - drug-dealing game set in streets of New York City - data files
Closes: 550913
Changes:
dopewars (1.5.12-9) unstable; urgency=high
.
* Fix a denial of service (CVE-2009-3591, closes: #550913)
* debian/control: bump Standards-Version to 3.8.3
* Add a README.source referring to the dpatch README
Checksums-Sha1:
6abbef647cb870b9bc003f7866d07ca073c0d016 1351 dopewars_1.5.12-9.dsc
13df9d5f610defa8ccd29b98b72e6f3a3ac60ba2 60958 dopewars_1.5.12-9.diff.gz
56e6731d5ed2852a5281c945714368be32691d0a 160944 dopewars_1.5.12-9_amd64.deb
20ad462498639426ec8785d5dd7752ab9d815840 445778 dopewars-data_1.5.12-9_all.deb
Checksums-Sha256:
22ed069129d131e9f08deea8aaf7b3aa6a94d2368b7b02348cab7c4fedb920d9 1351 dopewars_1.5.12-9.dsc
2bed0c07790567fb258489b08654349c2f128894005c9f94df2f6a75e2aff2d5 60958 dopewars_1.5.12-9.diff.gz
21c4cd36df339ab4ffbe4ca16f50c5628783ee9da813e5333033ff1ac0f1d4be 160944 dopewars_1.5.12-9_amd64.deb
5f6f85af3b2ee620de27f113048fc46ccb698ee859f4471504e264b42311072a 445778 dopewars-data_1.5.12-9_all.deb
Files:
c98f6ce7508fc1f8f3763aa7dc432044 1351 games extra dopewars_1.5.12-9.dsc
3fc54afcab847f871f45647ae45adf22 60958 games extra dopewars_1.5.12-9.diff.gz
2956a1d027ba02a00690b286ed39d595 160944 games extra dopewars_1.5.12-9_amd64.deb
655dd88a5e75ae81cb3295f731cc9e9b 445778 games extra dopewars-data_1.5.12-9_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr08DUACgkQScUZKBnQNIZmeACbBWjepgRmZk+v3uIXRAyx/0e1
0tIAoIR1RDFuGEEWjyCTp3S8zt44Gj6k
=uA7+
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 21 Dec 2009 07:33:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:09:48 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon