scorched3d: Multiple security problems

Related Vulnerabilities: CVE-2005-3488, CVE-2005-3487, CVE-2005-3486

Debian Bug report logs - #337403
scorched3d: Multiple security problems


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 4 Nov 2005 10:33:16 UTC

Severity: grave

Tags: security

Found in version scorched3d/39.1+cvs20050929-1

Fixed in version scorched3d/39.1+cvs20050929-2

Done: Bartosz Fenski <fenio@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Bartosz Fenski <fenio@debian.org>:
Bug#337403; Package scorched3d.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Bartosz Fenski <fenio@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: scorched3d: Multiple security problems
Date: Fri, 04 Nov 2005 11:24:59 +0100
Package: scorched3d
Version: 39.1+cvs20050929-1
Severity: grave
Tags: security
Justification: user security hole

Multiple vulnerabilities have been found in "Scorched 3D", some
of which may lead to arbitrary code execution. Please see
http://aluigi.altervista.org/adv/scorchbugs-adv.txt for more
details.

Cheers,
          Moritz

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)



Information forwarded to debian-bugs-dist@lists.debian.org, Bartosz Fenski <fenio@debian.org>:
Bug#337403; Package scorched3d.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Bartosz Fenski <fenio@debian.org>.


Message #10 received at 337403@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 337403@bugs.debian.org
Subject: CVE assignments
Date: Fri, 18 Nov 2005 11:22:42 +0100

There have been CVE assignments for these issues:

CVE-2005-3488:
Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial
of service (long loop and server hang) via a negative numplayers value that
bypasses a signed check in ServerConnectHandler.cpp.
 
CVE-2005-3487:
Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote
attackers to execute arbitrary code via various (1) GLConsole::addLine, (2)
ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long
command that is not properly handled in ComsMessageHandler.cpp when generating
an error message, (5) a long UniqueID value in Logger.cpp, and possibly other
unspecified vectors.

CVE-2005-3486:
Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier
allow remote attackers to execute arbitrary code via various (1)
GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog
functions, and possibly other unspecified vectors.
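
Added example, not part of the bug log and not Scorched 3D's own code: a C sketch of the bug classes the CVE entries above name (a signed count checked only against an upper bound, and peer text reaching a log line), each beside a hardened form. `MAX_PLAYERS`, the function names and the sample input are hypothetical, and the use of the count as an unsigned loop bound is an assumption about how such a bypass turns into a long loop.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define MAX_PLAYERS 24 /* assumed limit, not Scorched 3D's real value */

/* Weak pattern: only the upper bound is tested, so a negative signed
 * count is accepted. */
int numplayers_ok_weak(int numplayers) {
    return numplayers <= MAX_PLAYERS;
}

/* What an accepted negative count becomes once it is used as an
 * unsigned loop bound or size: -1 converts to UINT_MAX. */
unsigned int loop_bound(int numplayers) {
    return (unsigned int)numplayers;
}

/* Hardened: reject everything outside 1..MAX_PLAYERS before use. */
int numplayers_ok(int numplayers) {
    return numplayers >= 1 && numplayers <= MAX_PLAYERS;
}

/* Hardened logging: peer text is data for a constant "%s" format, and
 * snprintf bounds the write. Returns 0 if it fit, 1 if truncated,
 * -1 on error. */
int format_log_line(char *out, size_t outlen, const char *peer_text) {
    int n = snprintf(out, outlen, "[server] %s", peer_text);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen ? 1 : 0;
}

int main(void) {
    char line[64];
    const char *sample = "%x%x hello"; /* constructed peer input */

    printf("weak check accepts -1: %d, loop bound: %u\n",
           numplayers_ok_weak(-1), loop_bound(-1));
    printf("strict check accepts -1: %d\n", numplayers_ok(-1));
    if (format_log_line(line, sizeof line, sample) == 0)
        puts(line); /* specifiers are printed literally */
    return 0;
}
```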



Reply sent to Bartosz Fenski <fenio@debian.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.


Message #15 received at 337403-close@bugs.debian.org:

From: Bartosz Fenski <fenio@debian.org>
To: 337403-close@bugs.debian.org
Subject: Bug#337403: fixed in scorched3d 39.1+cvs20050929-2
Date: Wed, 22 Feb 2006 04:17:13 -0800
Source: scorched3d
Source-Version: 39.1+cvs20050929-2

We believe that the bug you reported is fixed in the latest version of
scorched3d, which is due to be installed in the Debian FTP archive:

scorched3d-data_39.1+cvs20050929-2_all.deb
  to pool/main/s/scorched3d/scorched3d-data_39.1+cvs20050929-2_all.deb
scorched3d-doc_39.1+cvs20050929-2_all.deb
  to pool/main/s/scorched3d/scorched3d-doc_39.1+cvs20050929-2_all.deb
scorched3d_39.1+cvs20050929-2.diff.gz
  to pool/main/s/scorched3d/scorched3d_39.1+cvs20050929-2.diff.gz
scorched3d_39.1+cvs20050929-2.dsc
  to pool/main/s/scorched3d/scorched3d_39.1+cvs20050929-2.dsc
scorched3d_39.1+cvs20050929-2_i386.deb
  to pool/main/s/scorched3d/scorched3d_39.1+cvs20050929-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 337403@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bartosz Fenski <fenio@debian.org> (supplier of updated scorched3d package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 22 Feb 2006 09:50:25 +0100
Source: scorched3d
Binary: scorched3d scorched3d-data scorched3d-doc
Architecture: source i386 all
Version: 39.1+cvs20050929-2
Distribution: unstable
Urgency: high
Maintainer: Bartosz Fenski <fenio@debian.org>
Changed-By: Bartosz Fenski <fenio@debian.org>
Description: 
 scorched3d - 3D artillery game similar to Scorched Earth
 scorched3d-data - data files for Scorched3D game
 scorched3d-doc - documentation for Scorched3D game
Closes: 265917 288578 333888 334574 337403
Changes: 
 scorched3d (39.1+cvs20050929-2) unstable; urgency=high
 .
   * Urgency high due to multiple vulnerability fixes.
   * Applied many patches by courtesy of Hans de Goede:
     - fixes all known vulnerabilities: (Closes: #337403)
       See CVE-2005-3488, CVE-2005-3487, CVE-2005-3486 for details.
     - fixes compilation issues on 64bit archs. (Closes: #288578)
     - fixes running issues on 64bit archs. (Closes: #265917)
   * Fixes in desktop file. (Closes: #333888)
   * Added versioned dependency on openal. (Closes: #334574)
Files: 
 d5920513011045146ef14162f7f1b678 843 games optional scorched3d_39.1+cvs20050929-2.dsc
 8a103a8d99f141a8b9406b881f4af949 48377 games optional scorched3d_39.1+cvs20050929-2.diff.gz
 b011dd95d8aa20851e1c10a9c7699338 33746326 games optional scorched3d-data_39.1+cvs20050929-2_all.deb
 dc4d054347a297b8151b03481aabdb57 1085476 games optional scorched3d-doc_39.1+cvs20050929-2_all.deb
 c762eefa699aa5b61d3823cd2fe0334f 1027564 games optional scorched3d_39.1+cvs20050929-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD/Ee2hQui3hP+/EARAkmMAKDTmsp+be2MkTnRJ1Efpk22iqUEpwCfUJfa
ADwaj2ygSM9mpXrGZ7TWidA=
=CVyt
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 09:30:44 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:14:40 2019; Machine Name: beach
