Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 863848 (CVE-2022-39047) - <games-strategy/freeciv-3.0.1-r1: modpack installer buffer overflow
Summary: <games-strategy/freeciv-3.0.1-r1: modpack installer buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2022-39047
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://osdn.net/projects/freeciv/tic...
Whiteboard: ~3 [noglsa]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2022-08-05 17:30 UTC by John Helmert III
Modified: 2024-02-12 02:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-05 17:30:19 UTC
oss-security post: https://www.openwall.com/lists/oss-security/2022/08/05/1

"Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it."

Please bump to 3.0.3.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-10 21:15:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24750791aaf556f3c73166243f0c5417df1c71a8

commit 24750791aaf556f3c73166243f0c5417df1c71a8
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-12-17 19:33:43 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-10 21:15:11 +0000

    games-strategy/freeciv: add 3.0.10
    
    - gtk client -> gtk3.22 client
    - drop ipv6 use
    - remove superfluous sed
    
    Closes: https://bugs.gentoo.org/872353
    Bug: https://bugs.gentoo.org/863848
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 games-strategy/freeciv/Manifest              |   1 +
 games-strategy/freeciv/freeciv-3.0.10.ebuild | 193 +++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-12 02:44:48 UTC
commit bcee564b25eecdc46e385bc51cd2b43a320ea80f
Author: Matt Jolly <Matt.Jolly@footclan.ninja>
Date:   Sat Feb 10 18:32:27 2024 +1000

    games-strategy/freeciv: drop 3.0.1-r1

    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>