bomberclone segfaults when receiving overly long error packets, possibly allowing remote code execution.
games team please bump, plasmaroo was so nice and provided a patch, which can be found here: http://dev.gentoo.org/~plasmaroo/stuff/bomberclone-fix-kaboom.patch
has said patch come from upstream ? gone to upstream ?
i think plasmaroo mailed it upstream.
<plasmaroo> His reply was very sucky along the lines of "kthx, incvs, bye" * plasmaroo checks WebCVS <plasmaroo> Nice covert commit... doesn't even say what the patch does... fun. <plasmaroo> But it has now gone upstream, yes.
Games team, please apply patch.
0.11.6.2-r1 in portage w/patch
I suppose this is worth a GLSA ?
remote execution over the network, i'd think so ...
Let's go then.
DerCorny: care to forward to vendor-sec@lst.de ?
CVE-2006-0460
GLSA 200602-09