Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 195520 - games-strategy/wesnoth <1.2.7 Denial of Service Vulnerability (CVE-2007-3917)
Summary: games-strategy/wesnoth <1.2.7 Denial of Service Vulnerability (CVE-2007-3917)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/27137
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-11 17:38 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-10-22 20:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-11 17:38:13 UTC 
CVE-2007-3917 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3917):
  Unspecified vulnerability in the multiplayer engine in Wesnoth before 1.2.7
  allows remote servers to cause a denial of service (client application crash)
  via invalid UTF-8 strings.  NOTE: some of these details are obtained from
  third-party information.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-11 17:41:36 UTC 
Games, please create an updated ebuild.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-10-11 20:29:18 UTC 
games, is the 1.2.7 in the tree ok to go stable?
Comment 3 Mr. Bones. (RETIRED) gentoo-dev 2007-10-11 21:28:32 UTC 
Already in portage.  Just needs to be stablized.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-10-12 08:09:42 UTC 
x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-12 17:51:48 UTC 
ppc stable
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2007-10-14 15:59:01 UTC 
ppc64 stable
Comment 7 Ferris McCormick (RETIRED) gentoo-dev 2007-10-18 14:46:54 UTC 
Stable on sparc.
Comment 8 Mike Doty (RETIRED) gentoo-dev 2007-10-22 04:14:06 UTC 
amd64 stable
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-22 07:04:13 UTC 
This one is ready for GLSA vote and I vote NO.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-22 20:18:37 UTC 
only client-side crash?  -> clearly noglsa
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-22 20:24:41 UTC 
2 NO votes win.