From ${URL} :

It was reported [1] that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet commandline arguments). If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, it could cause FlightGear to crash. This is due to the cloud name being used as the format string parameter in the snprintf function in flightgear/src/Environment/fgclouds.cxx, in the FGClouds::buildLayer() function:

    void FGClouds::buildLayer(int iLayer, const string& name, double coverage) {
    ...
        do {
            variety++;
            snprintf(variety_name, sizeof(variety_name) - 1, cloud_name.c_str(), variety);
        } while( box_def_root->getChild(variety_name, 0, false) );

[1] http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
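The pattern from the report next to a hardened form, as an added example that is not part of the original bug comment and is not FlightGear's code or its upstream fix. The function names, the 50-byte buffer, the "-%d" suffix and the sample names are assumptions made for illustration.

```cpp
#include <cstdio>
#include <initializer_list>
#include <string>

// Pattern from the report: the caller-supplied name is the format string.
// Only safe while `fmt` is trusted; a name carrying extra conversions
// (%s, %n, ...) makes snprintf read arguments that were never passed.
std::string variety_name_unsafe(const std::string& fmt, int variety) {
    char buf[50];  // assumed size, the page does not show the real one
    std::snprintf(buf, sizeof(buf), fmt.c_str(), variety);
    return buf;
}

// Hardened form: the format is a literal and the name is passed as data,
// so any '%' in it is copied verbatim. Returns false when the result
// would not fit, instead of silently truncating the lookup key.
bool variety_name_safe(const std::string& name, int variety, std::string& out) {
    char buf[50];
    int n = std::snprintf(buf, sizeof(buf), "%s-%d", name.c_str(), variety);
    if (n < 0 || static_cast<std::size_t>(n) >= sizeof(buf)) return false;
    out.assign(buf, static_cast<std::size_t>(n));
    return true;
}

int main() {
    std::string out;
    // Constructed inputs: a benign layer name and one containing conversions.
    for (const char* name : {"cu", "%s%s%n"}) {
        if (variety_name_safe(name, 1, out)) std::printf("%s\n", out.c_str());
    }
    // The unsafe form is exercised only with a trusted, well-formed format.
    std::printf("%s\n", variety_name_unsafe("cu-%d", 1).c_str());
    return 0;
}
```

Building with -Wformat -Wformat-nonliteral makes the compiler flag the non-literal format argument in the first function.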
No patch available from upstream, though the problematic block of code is mentioned in $URL. Red Hat has fixed it in their repos but I couldn't find the fix they used.
These issues were fixed with FlightGear 3.0. Maintainers, any reason why ppc was not stabilized in bug 505912? Can we call for stabilization here and get this bug closed?
See https://bugs.gentoo.org/show_bug.cgi?id=488552#c6

FlightGear is dropped to ~arch. I will proceed with removal of <flightgear-3.0.0 from tree.
I removed the following versions from tree:

<dev-games/simgear-3.0.0
<games-simulation/flightgear-3.0.0
<games-simulation/flightgear-data-3.0.0

This effectively drops stable ppc keywords from those packages. PPC users are advised to switch to ~ppc for them.
Very old bug. amd64 and x86 stable. Moving to GLSA process.
This issue was resolved and addressed in GLSA 201603-12 at https://security.gentoo.org/glsa/201603-12 by GLSA coordinator Kristian Fiskerstrand (K_F).