Bug 492876 (CVE-2013-6411) - <games-simulation/openttd-1.3.3: Forced Aircraft Crash Denial of Service Vulnerability (CVE-2013-6411)
Summary: <games-simulation/openttd-1.3.3: Forced Aircraft Crash Denial of Service Vuln...
Status: RESOLVED FIXED
Alias: CVE-2013-6411
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/55589/
Whiteboard: B3 [glsa]
Keywords:
Depends on: 493094
Blocks:
Reported: 2013-11-29 16:50 UTC by Agostino Sarubbo
Modified: 2014-07-07 16:40 UTC

Description Agostino Sarubbo gentoo-dev 2013-11-29 16:50:51 UTC
From ${URL} :

Description

A vulnerability has been reported in OpenTTD, which can be exploited by malicious people to cause a
DoS (Denial of Service).

The vulnerability is caused due to an error within the "HandleCrashedAircraft()" function
(aircraft_cmd.cpp) and can be exploited to cause a crash of the server when aircraft are forced to crash
outside the bounds of a map.

The vulnerability is reported in versions 0.3.6 through 0.5.3, 0.6.0 through 0.7.3, 1.0.0 through 1.1.5, 
and 1.2.0 through 1.3.2.


Solution:
Apply patch or update to version 1.3.3 when available.

Further details available to Secunia VIM customers

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://security.openttd.org/en/CVE-2013-6411


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-12-21 01:39:42 UTC
CVE-2013-6411 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6411):
  The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6
  through 1.3.2 allows remote attackers to cause a denial of service
  (out-of-bounds read and crash) by crashing an aircraft outside of the map.
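
Added example, not part of the bug report and not OpenTTD's code: a simplified C++ model of the out-of-bounds read described in the comments above, showing a per-axis bounds check before a flat tile array is indexed. The names `Map`, `TileAt` and `ClassifyCrashSite`, the tile encoding and the 16-pixel tile size are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model (assumption, not OpenTTD's data structures): a map of
// 16x16-pixel tiles stored as one flat array, looked up from a pixel position.
constexpr int kTileSize = 16;

struct Map {
    int size_x, size_y;                  // dimensions in tiles
    std::vector<std::uint8_t> tile_type; // one entry per tile; 1 = water (constructed encoding)

    Map(int sx, int sy)
        : size_x(sx), size_y(sy),
          tile_type(static_cast<std::size_t>(sx) * static_cast<std::size_t>(sy), 0) {}

    // Writes the flat tile index for a pixel position and returns true, or
    // returns false when the position lies outside the map.
    // Each axis is checked on its own: checking only the final flat index
    // would accept an x beyond the right edge, which silently aliases a tile
    // in the next row, and negative input would wrap to a huge index.
    bool TileAt(int px, int py, std::size_t &out) const {
        if (px < 0 || py < 0) return false;
        const int tx = px / kTileSize;
        const int ty = py / kTileSize;
        if (tx >= size_x || ty >= size_y) return false;
        out = static_cast<std::size_t>(ty) * static_cast<std::size_t>(size_x)
              + static_cast<std::size_t>(tx);
        return true;
    }
};

enum class CrashSite { OffMap, Land, Water };

// Hypothetical crash handler step: decide what the wreck is lying on.
// An unchecked version would compute ty * size_x + tx and read tile_type[]
// directly; for a vehicle positioned off the map that is an out-of-bounds
// read of the kind the CVE text describes. Here the off-map case is handled
// explicitly and the array is never touched.
CrashSite ClassifyCrashSite(const Map &m, int px, int py) {
    std::size_t tile = 0;
    if (!m.TileAt(px, py, tile)) return CrashSite::OffMap;
    return m.tile_type[tile] == 1 ? CrashSite::Water : CrashSite::Land;
}
```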
Comment 2 Sergey Popov gentoo-dev 2014-01-06 22:28:41 UTC
Ok, stabilization and cleanup are done.

GLSA vote: yes
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-19 01:40:51 UTC
GLSA Vote: Yes
Created a New GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-07-07 16:40:54 UTC
This issue was resolved and addressed in
 GLSA 201407-01 at http://security.gentoo.org/glsa/glsa-201407-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).