166044 2007-02-09 09:41 0000 games-fps/nexuiz: input validation errors 2007-02-25 16:12:40 0000 1 1 1 Unclassified Gentoo Linux Security 2006.1 All Linux RESOLVED FIXED http://www.frsirt.com/english/advisories/2006/4992 B2 [glsa] Falco P2 normal --- 1 corsair@gentoo.org security@gentoo.org games@gentoo.org corsair@gentoo.org 2007-02-09 09:41:14 0000 Nexuiz >=2.2.1 fixes a security issue resulting is a DOS. 2.2.3 is already in the tree, but not stable. from http://www.frsirt.com/english/advisories/2006/4992 : - Technical Description Multiple vulnerabilities have been identified in Nexuiz, which could be exploited by attackers to execute arbitrary commands or cause a denial of service. The first issue is due to an input validation error within "clientcommands", which could be exploited by remote attackers to inject arbitrary commands. The second issue is due to an error when processing player connections, which could be exploited by attackers to crash a vulnerable application or exhaust all available memory resources, creating a denial of service condition. - Affected Products Nexuiz versions prior to 2.2.1 mr_bones_@gentoo.org 2007-02-09 17:40:39 0000 I removed 2.1 corsair@gentoo.org 2007-02-09 17:48:20 0000 wasn't 2.1 the latest stable version for x86 and amd64? corsair@gentoo.org 2007-02-09 17:51:11 0000 whoops, you marked 2.2.3 stable, too. cool. thanks. @security: what's next? glsa, no glsa? mr_bones_@gentoo.org 2007-02-09 17:55:11 0000 I think since 2.1 was stable a glsa would be good. falco@gentoo.org 2007-02-10 22:20:56 0000 Yes, good, you should join the security team :) falco@gentoo.org 2007-02-25 16:12:40 0000 GLSA 200702-09, thanks everybody and sorry for the delay