Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 606694

Summary: games-fps/openarena: Multiple vulnerabilities through embedded ioquake3 engine (CVE-2011-{1412,2764,3012},CVE-2012-3345)
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: games, redblade7, slawomir.nizio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [upstream/ebuild cve]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 376589    

Description Thomas Deutschmann gentoo-dev 2017-01-21 13:20:25 UTC
It is suspected that this package is vulnerable to multiple vulnerabilities (including a remote code execution vulnerability) due to embedded ioquake3 engine. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected.

Please see the information contained in the tracker bug 376589 for further details.
Comment 1 Thomas Deutschmann gentoo-dev 2017-01-21 13:45:51 UTC
Bug 420783 (CVE-2012-3345) was added to the same tracker.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-23 22:14:43 UTC
0.8.8-r1 is still vulnerable to all three CVE's.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-12-08 21:32:24 UTC
Pkg was removed in another bug.