| Summary: | games-action/bomberclone: buffer overflow when receiving overly long error packets | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Cornelius (RETIRED) <dercorny> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B1 [glsa] DerCorny | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Cornelius (RETIRED)
2006-02-04 16:00:02 UTC
games team please bump, plasmaroo was so nice and provided a patch, which can be found here: http://dev.gentoo.org/~plasmaroo/stuff/bomberclone-fix-kaboom.patch

has said patch come from upstream ? gone to upstream ?

i think plasmaroo mailed it upstream.

<plasmaroo> His reply was very sucky along the lines of "kthx, incvs, bye"
* plasmaroo checks WebCVS
<plasmaroo> Nice covert commit... doesn't even say what the patch does... fun.
<plasmaroo> But it has now gone upstream, yes.

Games team, please apply patch.

0.11.6.2-r1 in portage w/patch

I suppose this is worth a GLSA ?

remote execution over the network, i'd think so ...

Let's go then. DerCorny: care to forward to vendor-sec@lst.de ?

CVE-2006-0460

GLSA 200602-09