Your message dated Tue, 22 Aug 2017 21:32:20 +0000
with message-id <e1dkgma-0000xc...@fasolo.debian.org>
and subject line Bug#870725: fixed in ioquake3 1.36+u20161101+dfsg1-2+deb9u1
has caused the Debian Bug report #870725,
regarding CVE-2017-11721: read buffer overflow in MSG_ReadBits
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ioquake3
Severity: grave
Tags: security

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: ioquake3
Source-Version: 1.36+u20161101+dfsg1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated ioquake3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 12 Aug 2017 01:37:23 EDT
Source: ioquake3
Binary: ioquake3 ioquake3-server
Architecture: source
Version: 1.36+u20161101+dfsg1-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Description: 
 ioquake3   - Game engine for 3D first person shooter games
 ioquake3-server - Engine for 3D first person shooter games - server and common 
file
Closes: 870725
Changes:
 ioquake3 (1.36+u20161101+dfsg1-2+deb9u1) stretch-security; urgency=medium
 .
   * Reference CVE-2017-6903 in previous changelog entry
   * Add patch from upstream:
     + Address read buffer overflow in
       MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
     + Check buffer boundary exactly in MSG_WriteBits, instead of
       potentially failing with a few bytes still available
Checksums-Sha256: 
 61bd336200f9cee4b02f23aa1231cb272bb04cbd711b40e5ec16295ff92b8b4b 2310 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
 f2fc89d979a84088a08f81debd341a4905dc2149185874d17943d2c2044be151 25268 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
 16c071721387a37b592aad30ed3eddba66cdea87ad808af85f465396a51f4d0b 1886888 
ioquake3_1.36+u20161101+dfsg1.orig.tar.xz
Checksums-Sha1: 
 ec34c192c83e46aaaedbeffd72a60fe6239a80ee 2310 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
 47651a22549123ec28a480a100764e47f362c0ff 25268 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
 1287724135101aeed70f4a3cbb0883ca52995052 1886888 
ioquake3_1.36+u20161101+dfsg1.orig.tar.xz
Files: 
 6e7b750d4288a9a7388e96c2f45ed3ac 2310 games optional 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
 81a330e471f12813df4ca9207d6417d1 25268 games optional 
ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
 d14b0fca7af5ebc86688acd874e49b44 1886888 games optional 
ioquake3_1.36+u20161101+dfsg1.orig.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlmOlB0ACgkQ4FrhR4+B
TE9ddRAAqhfiJV/e5ctum/N6saW4wJ7HMcWbOgFT/4hnej6me6QwzgMs841imexd
g1c+Pm+frjx3G1L/e3JHy+vPkfycqvSf/8f4QN5NTvrHj5FVfdV/9m6VHA4MZRlf
VyDd1j5xD1KJhq3/r+NqmvQLft4JOaQMFbh8fkykxIKVR27S/mhhZxMAk0cEgIKw
aoxZ7GWOA1JfaSfoW6A0e1Fn+uRpZcxGZOpe6CJmBiUaESNGUITb4+lw7E7N+FzG
5a3xedYqdLW+WfdbzwqZ44PerE9zEEFrChyUEZFQyTSv+vJHwYZRkEcxDsfVEIBF
CG55IONIggPIpixybSeRGk3Cqzs+rshBHF33hqQ+Mu0hIvaZ67j0uy74s2uATqfK
ev3cP48PLumZ+Aix2Mu7hXIGXUY9M3NXSaGf8C9ykJyr4WlMEq7KS4VH0/Kw1/TB
qZeSVrzE8LEdom9XadkMgqoTLNRiOqbU/LWEDgIixv85iAMmlX7E54pqp8dOkuYa
R/5ld/LpZSw6WcR6vBW0WMuFSXGM7W1SUcwzn25tka/sl0GC2hGmSlOZEdKck23m
0IFfw9RLteGKZlXwIHZTVHnVyX7m7SCVmYzMw9HNobJh/mCqNlZu507IxUBj5aGC
/eNhGcTYHOk5vJW46BlcmtThutQ5NZBCCs6iIOg8BdfpqQ1buos=
=LCdy
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to