Package: nexuiz Version: 2.1-1 Severity: grave Tags: security Justification: user security hole
I'm currently busy and hadn't had the time to investigate it myself yet, but it should be tracked for Etch: Nexuiz 2.2.1 fixed two vulnerabilities: http://sourceforge.net/project/shownotes.php?release_id=470675&group_id=81584 - fixed fake players DoS (CVE-2006-6609) - fixed clientcommands remote console command injection (CVE-2006-6610) If the second vulnerability refers to shell command execution and not to some kind of in-game-console ala Quake this warrants an RC security bug. Cheers, Moritz -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]