| Summary: | <games-action/teeworlds-0.6.4: Remote code execution on teeworlds client |
|---|---|
| Product: | Gentoo Security |
| Component: | Vulnerabilities |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Assignee: | Gentoo Security <security> |
| CC: | games, learath2 |
| Flags: | stable-bot: sanity-check+ |
| URL: | http://seclists.org/oss-sec/2016/q4/448 |
| Whiteboard: | B1 [glsa cve] |
| Package list: | games-action/teeworlds-0.6.4 |
| Runtime testing required: | --- |

Description
Thomas Deutschmann (RETIRED)
2016-11-18 15:09:53 UTC
Created attachment 469550
Version bump
Fixes the old ebuilds as well, but I'd remove them completely given this is an RCE. We've yet to see it in use by anyone though, so that's nice.
I could also pull-request this if that's desirable.

Thank you for your contribution. Yes, please create a pull request if possible. Once a fixed version/ebuild is in repository and stable we will clean up previous versions.

From your patch:

> +PM=$(echo ${PV} | cut -c 1-3)

Please try to match Gentoo style. I.e. if you need to change PV use MY_PV and try to use versionator eclass (https://devmanual.gentoo.org/eclass-reference/versionator.eclass/) instead of cut.

Made the requested changes and a pull request. https://github.com/gentoo/gentoo/pull/4400

0.6.4 is now in the tree. amd64 and x86 teams, please stabilise. I've tried it out myself on amd64 and it works fine. If you want to try it, it's a relatively small download for a game.

amd64 stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Old removed. Security team, please continue.

This issue was resolved and addressed in GLSA 201705-13 at https://security.gentoo.org/glsa/201705-13 by GLSA coordinator Thomas Deutschmann (whissi).
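
Review bot: the quoted line `+PM=$(echo ${PV} | cut -c 1-3)` derives the major.minor string by character position, so it is only correct while both components are single digits (0.6.4 gives 0.6; a version such as 0.10.0 would give 0.1). Splitting on version components rather than characters, for example with versionator's `get_version_component_range 1-2` assigned to a `MY_`-prefixed variable, avoids that and drops the subshell and pipe. `${PV}` is also unquoted inside the command substitution, which is harmless for a version string but worth quoting for consistency.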