606694 – games-fps/openarena: Multiple vulnerabilities through embedded ioquake3 engine (CVE-2011-{1412,2764,3012},CVE-2012-3345)

Bug 606694 - games-fps/openarena: Multiple vulnerabilities through embedded ioquake3 engine (CVE-2011-{1412,2764,3012},CVE-2012-3345)

Summary: games-fps/openarena: Multiple vulnerabilities through embedded ioquake3 engin...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [upstream/ebuild cve]
Keywords:

Depends on:
Blocks:	CVE-2011-1412, CVE-2011-2764, CVE-2011-3012
	Show dependency tree

Reported:	2017-01-21 13:20 UTC by Thomas Deutschmann (RETIRED)
Modified:	2019-12-08 21:32 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-21 13:20:25 UTC

It is suspected that this package is vulnerable to multiple vulnerabilities (including a remote code execution vulnerability) due to embedded ioquake3 engine. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected.

Please see the information contained in the tracker bug 376589 for further details.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-21 13:45:51 UTC

Bug 420783 (CVE-2012-3345) was added to the same tracker.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-03-23 22:14:43 UTC

0.8.8-r1 is still vulnerable to all three CVE's.

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2019-12-08 21:32:24 UTC

Pkg was removed in another bug.