Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 288295 (CVE-2009-3591) - <games-strategy/dopewars-1.5.12-r2: Server DoS (CVE-2009-3591)
Summary: <games-strategy/dopewars-1.5.12-r2: Server DoS (CVE-2009-3591)
Alias: CVE-2009-3591
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2009-10-09 12:10 UTC by Alex Legler (RETIRED)
Modified: 2010-03-06 16:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

dopewars-CVE-2009-3591.patch (dopewars-CVE-2009-3591.patch,714 bytes, patch)
2009-10-09 12:11 UTC, Alex Legler (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-09 12:10:13 UTC
CVE-2009-3591 (
  Dopewars 1.5.12 allows remote attackers to cause a denial of service
  (segmentation fault) via a REQUESTJET message with an invalid
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-09 12:11:27 UTC
Created attachment 206523 [details, diff]

Patch taken from upstream SVN.
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2009-10-09 20:53:47 UTC
in portage.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 14:36:58 UTC
Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"

Games: Please remove the old version after 1.5.12-r2 is stable.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-11-07 17:10:54 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2009-11-09 12:46:06 UTC
amd64 stable
Comment 6 Mounir Lamouri (volkmar) (RETIRED) gentoo-dev 2009-11-11 11:10:32 UTC
ppc stable
It was the last arch so, security team, you can fix the bug.
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-11 12:27:56 UTC
Ready to vote, I vote NO (just DOS and just a game server).
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-12-18 08:19:41 UTC
NO too, closing