Summary: | <games-fps/worldofpadman-1.6-r1: Multiple vulnerabilities through embedded ioquake3 engine (CVE-2011-{1412,2764,3012},CVE-2012-3345) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | games |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 376589 |
Description
Thomas Deutschmann (RETIRED)
2017-01-21 13:25:46 UTC
Bug 420783 (CVE-2012-3345) was added to the same tracker. Validating the source code shows that the embedded Quake3 engine is carrying the latest patches from SVN trunks 2097 and 2098. The relevant code is seen in the TRACKER bug for each CVE reported. http://svn.icculus.org/quake3/trunk/code/qcommon/files.c?r1=2098&r2=2097&pathrev=2098 http://svn.icculus.org/quake3/trunk/code/sys/sys_unix.c?r1=2097&r2=2096&pathrev=2097 Given the ancient history here, I am showing <1.6-r1 as vulnerable which indicates the latest ebuild in tree is safe from these CVE's. |