CVE-2012-2091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2091): Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx. CVE-2012-2090 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2090): Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.
@maintainers: your opinion? upstream seems put this into low priority in discussion[1], but maybe i miss something. Probably we should mask this [1] - http://sourceforge.net/mailarchive/message.php?msg_id=28957051
Affected versions are long gone from repository. Just sayin..
Oops, it seems we missed resolution on this New GLSA request is filed
This issue was resolved and addressed in GLSA 201603-12 at https://security.gentoo.org/glsa/201603-12 by GLSA coordinator Kristian Fiskerstrand (K_F).
