Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request. http://secunia.com/advisories/19044
Games team, are we affected? If so, please provide fixed packages. It's maybe not only DoS, CVE also talks about possible RCE.
1.9.0 is the only version in portage so I don't think we're affected.
Well, I don't know who did it, but when I reported the bug, 1.7.1 was marked stable and 1.9.0 wasn't even in the tree. Someone removed the older ebuilds and marked 1.9.0 stable without leaving a sentence in the ChangeLog.
Seems to be ready for GLSA.
GLSA 200604-11