Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 863848 (CVE-2022-39047)

Summary: <games-strategy/freeciv-3.0.1-r1: modpack installer buffer overflow
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: ajak, games
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://osdn.net/projects/freeciv/ticket/45299
See Also: https://github.com/gentoo/gentoo/pull/34331
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-05 17:30:19 UTC
oss-security post: https://www.openwall.com/lists/oss-security/2022/08/05/1

"Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it."

Please bump to 3.0.3.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-10 21:15:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24750791aaf556f3c73166243f0c5417df1c71a8

commit 24750791aaf556f3c73166243f0c5417df1c71a8
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-12-17 19:33:43 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-10 21:15:11 +0000

    games-strategy/freeciv: add 3.0.10
    
    - gtk client -> gtk3.22 client
    - drop ipv6 use
    - remove superfluous sed
    
    Closes: https://bugs.gentoo.org/872353
    Bug: https://bugs.gentoo.org/863848
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 games-strategy/freeciv/Manifest              |   1 +
 games-strategy/freeciv/freeciv-3.0.10.ebuild | 193 +++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-12 02:44:48 UTC
commit bcee564b25eecdc46e385bc51cd2b43a320ea80f
Author: Matt Jolly <Matt.Jolly@footclan.ninja>
Date:   Sat Feb 10 18:32:27 2024 +1000

    games-strategy/freeciv: drop 3.0.1-r1

    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>