teeworlds: CVE-2016-9400: possible remote code execution on the client

Related Vulnerabilities: CVE-2016-9400  

Debian Bug report logs - #844546

Reported by: Felix Geyer <fgeyer@debian.org>

Date: Wed, 16 Nov 2016 19:21:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version teeworlds/0.6.1+dfsg-1

Fixed in version teeworlds/0.6.4+dfsg-1

Done: Felix Geyer <fgeyer@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#844546; Package teeworlds. (Wed, 16 Nov 2016 19:21:04 GMT).


Acknowledgement sent to Felix Geyer <fgeyer@debian.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Wed, 16 Nov 2016 19:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Felix Geyer <fgeyer@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: teeworlds: possible remote code execution on the client
Date: Wed, 16 Nov 2016 20:16:56 +0100
Package: teeworlds
Version: 0.6.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole

teeworlds upstream has released version 0.6.4.

https://www.teeworlds.com/?page=news&id=12086 says

> the security vulnerability is worse, attacker controlled memory-writes and
> possibly arbitrary code execution on the client, abusable by any server the
> client joins

The upstream fix:
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62

There doesn't seem to be a CVE assigned to this vulnerability.

Felix



Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 16 Nov 2016 19:30:02 GMT).


Reply sent to Felix Geyer <fgeyer@debian.org>:
You have taken responsibility. (Thu, 17 Nov 2016 21:12:10 GMT).


Notification sent to Felix Geyer <fgeyer@debian.org>:
Bug acknowledged by developer. (Thu, 17 Nov 2016 21:12:10 GMT).


Message #12 received at 844546-close@bugs.debian.org:

From: Felix Geyer <fgeyer@debian.org>
To: 844546-close@bugs.debian.org
Subject: Bug#844546: fixed in teeworlds 0.6.4+dfsg-1
Date: Thu, 17 Nov 2016 21:10:46 +0000
Source: teeworlds
Source-Version: 0.6.4+dfsg-1

We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844546@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated teeworlds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Nov 2016 20:57:15 +0100
Source: teeworlds
Binary: teeworlds teeworlds-server teeworlds-data
Architecture: source
Version: 0.6.4+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description:
 teeworlds  - online multi-player platform 2D shooter
 teeworlds-data - data for Teeworlds; an online multi-player platform 2D shooter
 teeworlds-server - server for Teeworlds; an online multi-player platform 2D shooter
Closes: 844546
Changes:
 teeworlds (0.6.4+dfsg-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes possible remote code execution on the client. (Closes: #844546)
   * Refresh new-wavpack.patch
   * Drop patches that have been fixed upstream:
     - fix-gcc6-rename-round.patch
     - fix-gcc6-var-types.patch
     - reset-nethash.patch
Checksums-Sha1:
 d3643df6cedba2b5e02c94b59a8d2c3c5f808950 2249 teeworlds_0.6.4+dfsg-1.dsc
 485599e6943352cae713782c2c9dfe48d04f1654 7046740 teeworlds_0.6.4+dfsg.orig.tar.gz
 09148a5c0d0c906ed4baabf2e32d0e0c4b655857 8196 teeworlds_0.6.4+dfsg-1.debian.tar.xz
Checksums-Sha256:
 dcdc77474a44eae1b67268495697d67eaf24f87e575f9fd48a8dc2360d644907 2249 teeworlds_0.6.4+dfsg-1.dsc
 62286ee7c786dc565f42864ca23dd02a6b4ba7b52ed54014145ec9724a2df045 7046740 teeworlds_0.6.4+dfsg.orig.tar.gz
 e16674531f71e67f00810f1f2c60fecac67f1e30b27b7729cd5a30fbc904145a 8196 teeworlds_0.6.4+dfsg-1.debian.tar.xz
Files:
 c176510c4ca619ed9bedb45488ffaf7e 2249 games optional teeworlds_0.6.4+dfsg-1.dsc
 d24bd8b9b68a403adcdd6b2cfb485c13 7046740 games optional teeworlds_0.6.4+dfsg.orig.tar.gz
 984b4fcb8f6de3daa849f6d246c11115 8196 games optional teeworlds_0.6.4+dfsg-1.debian.tar.xz





Changed Bug title to 'teeworlds: CVE-2016-9400: possible remote code execution on the client' from 'teeworlds: possible remote code execution on the client'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 18 Nov 2016 05:15:08 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 29 Dec 2016 08:34:31 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:12:56 2019; Machine Name: beach
