CVE-2010-0401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0401): OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
*** Bug 321553 has been marked as a duplicate of this bug. ***
CVE-2010-0402 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0402) OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
CVE-2010-04-06 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0406) OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file- descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
CVE-2010-2534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2534): The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.
Please close it: version 1.0.3 isn't present anymore in portage!
GLSA vote: no.
Vote: no, closing noglsa.