324869 – <games-strategy/ufo-ai-2.3: Multiple vulnerabilities

Bug 324869 - <games-strategy/ufo-ai-2.3: Multiple vulnerabilities

Summary: <games-strategy/ufo-ai-2.3: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://sourceforge.net/projects/ufoai...
Whiteboard:	~1 [noglsa]
Keywords:

Duplicates (1):	324633 (view as bug list)
Depends on:
Blocks:

Reported:	2010-06-20 19:20 UTC by Azamat H. Hackimov
Modified:	2010-08-12 08:35 UTC (History)
CC List:	8 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ufo-ai-2.3.ebuild (ufo-ai-2.3.ebuild,2.56 KB, text/plain) 2010-06-20 23:05 UTC, Tomáš Chvátal (RETIRED)	no flags	Details
ufo-ai-2.3.ebuild (ufo-ai-2.3.ebuild,2.43 KB, text/plain) 2010-07-07 16:32 UTC, Ai Locke Shinseiko (Wizzleby)	no flags	Details
ufo-ai-2.3.ebuild (ufo-ai-2.3.ebuild,2.50 KB, text/plain) 2010-07-07 18:44 UTC, Ai Locke Shinseiko (Wizzleby)	no flags	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Azamat H. Hackimov 2010-06-20 19:20:03 UTC

2.3 released, tarballs avalaible on Sorceforge. There huge set of changes since 2.2.1.

Comment 1 Samuli Suominen (RETIRED) gentoo-dev

2010-06-20 19:32:49 UTC

*** Bug 324633 has been marked as a duplicate of this bug. ***

Comment 2 Tomáš Chvátal (RETIRED) gentoo-dev

2010-06-20 23:05:42 UTC

Created attachment 236101 [details]
ufo-ai-2.3.ebuild

Few glitches:
linguas handling is quite insane.

it operates with hardcoded name ufoai. Might be good idea to pkgmove it and be over with it rather than patch it.

Comment 3 Jaak Ristioja 2010-06-22 07:14:02 UTC

Version 2.3 also fixes multiple vulnerabilities present in 2.2.1, which allow attackers to remotely execute arbitrary code via buffer overflows.

References:
* http://www.securityfocus.com/bid/41004/info
* http://www.securityfocus.com/archive/1/511900

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2010-06-22 16:42:35 UTC

Games, please provide an updated ebuild.

Comment 5 Ai Locke Shinseiko (Wizzleby) 2010-07-07 16:32:45 UTC

Created attachment 237911 [details]
ufo-ai-2.3.ebuild

The ebuild was missing some dependencies when USE=doc, had to change SRC_URI wrt the data tarball, and we can remove the ugly bit with the escaped space.
Also fixed make_desktop_entry to point to valid executables (they are installed as ufo, and ufoded, but the desktop entry was pointing to ${PN} and ${PN}-ded

Comment 6 Ai Locke Shinseiko (Wizzleby) 2010-07-07 16:33:49 UTC

(In reply to comment #5)
> Created an attachment (id=237911) [details]
> ufo-ai-2.3.ebuild

The ebuild as attached has been pushed to the gamerlay overlay.

Comment 7 Ai Locke Shinseiko (Wizzleby) 2010-07-07 18:44:03 UTC

Created attachment 237929 [details]
ufo-ai-2.3.ebuild

When USE=doc, actually install (dodoc) the pdf manual

Comment 8 Mr. Bones. (RETIRED) gentoo-dev

2010-07-07 21:12:08 UTC

In portage.  Thanks for the ebuild submission and bug report.

Comment 9 Alex Legler (RETIRED) archtester

2010-08-12 08:35:43 UTC

Closing noglsa.