From https://bugzilla.redhat.com/show_bug.cgi?id=1697855: In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. Reference: https://github.com/teeworlds/teeworlds/issues/2071 From https://bugzilla.redhat.com/show_bug.cgi?id=1697919: In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. Reference: https://github.com/teeworlds/teeworlds/issues/2073 From https://bugzilla.redhat.com/show_bug.cgi?id=1697928: In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. Reference: https://github.com/teeworlds/teeworlds/issues/2070 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Package has no stable ebuild.
CVE-2020-12066 (https://nvd.nist.gov/vuln/detail/CVE-2020-12066): CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. CVE-2019-20787 (https://nvd.nist.gov/vuln/detail/CVE-2019-20787): Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.
Bumped in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6101c95ee5879e1d10a5e502c88f3a752df06751. Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9e74fa9c10625e66021aa729889d6b418754c9d commit a9e74fa9c10625e66021aa729889d6b418754c9d Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-17 21:31:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-17 23:59:59 +0000 games-action/teeworlds: security cleanup Bug: https://bugs.gentoo.org/683000 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> games-action/teeworlds/Manifest | 1 - .../files/0.6/01-use-system-wavpack.patch | 101 ------------- .../files/0.6/02-fixed-wavpack-sound-loading.patch | 109 -------------- .../files/0.6/03-use-system-pnglite.patch | 160 --------------------- .../teeworlds/files/0.6/04-dedicated.patch | 15 -- .../teeworlds/files/0.6/05-cc-cflags.patch | 18 --- games-action/teeworlds/teeworlds-0.6.4.ebuild | 118 --------------- 7 files changed, 522 deletions(-)
Tree is clean, ~ package so no GLSA, closing.