Summary: | <games-emulation/mednafen-0.8.13: security version bump (CVE-2010-3085)
---|---
Product: | Gentoo Security
Reporter: | Sergey Kondakov <virtuousfox>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | games
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://mednafen.sourceforge.net
Whiteboard: | B2 [glsa]
Description
Sergey Kondakov
2010-06-29 08:51:12 UTC
Created attachment 236893
games-emulation/mednafen-0.8.13.ebuild
sample ebuild

Thanks for the version bump notice. Assigning to maintainer

0.8.13 is now in portage. Thanks

"Fixed a couple of remotely-exploitable(if connected to a malicious server) stack manipulation bugs in the network play code."

This is a security release.

Security, I think the committed ebuild is okay, we just need a stabilization round (and according to a recent post to -dev I should not cc archs myself but leave that up to security).

These vulnerabilities have been assigned CVE-2010-3085.

Stabilization took place via Bug 337536. GLSA Request filed.

CVE-2010-3085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3085): The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.

That version is no longer in the tree. The only version is 0.9.21.

This issue was resolved and addressed in GLSA 201311-01 at http://security.gentoo.org/glsa/glsa-201311-01.xml by GLSA coordinator Sergey Popov (pinkbyte).