Your message dated Sat, 04 May 2019 20:48:26 +0000
with message-id <e1hn1a6-000cev...@fasolo.debian.org>
and subject line Bug#927152: fixed in teeworlds 0.7.2-4
has caused the Debian Bug report #927152,
regarding teeworlds: CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
927152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: teeworlds
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for teeworlds.

CVE-2019-10877[0]:
| In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in
| engine/shared/map.cpp that can lead to a buffer overflow, because
| multiplication of width and height is mishandled.


CVE-2019-10878[1]:
| In Teeworlds 0.7.2, there is a failed bounds check in
| CDataFileReader::GetData() and CDataFileReader::ReplaceData() and
| related functions in engine/shared/datafile.cpp that can lead to an
| arbitrary free and out-of-bounds pointer write, possibly resulting in
| remote code execution.


CVE-2019-10879[2]:
| In Teeworlds 0.7.2, there is an integer overflow in
| CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to
| a buffer overflow and possibly remote code execution, because
| size-related multiplications are mishandled.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10877
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877
[1] https://security-tracker.debian.org/tracker/CVE-2019-10878
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878
[2] https://security-tracker.debian.org/tracker/CVE-2019-10879
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879

Please adjust the affected versions in the BTS as needed.

Regards,

Markus


--- End Message ---
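
An added illustration of the bug class named in CVE-2019-10877 and CVE-2019-10879 above (not code from Teeworlds or from the Debian patch; the struct, its field names and the 4-byte tile size are assumptions): a size derived from file-supplied dimensions is computed in 64-bit arithmetic and validated before it is used for allocation or copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layer header read from an untrusted map file (names assumed). */
struct layer_hdr { int32_t width; int32_t height; };
#define TILE_BYTES 4u /* assumed size of one tile record */

/* Unchecked form: the 32-bit product wraps, so huge dimensions yield a small size.
   Unsigned types are used here so the wrap is well defined for the demo. */
uint32_t layer_bytes_unchecked(const struct layer_hdr *h)
{
    return (uint32_t)h->width * (uint32_t)h->height * TILE_BYTES;
}

/* Checked form: reject non-positive dimensions, multiply in 64 bits, and
   require the result to fit in size_t and in the data actually present. */
int layer_bytes_checked(const struct layer_hdr *h, size_t data_len, size_t *out)
{
    if (h->width <= 0 || h->height <= 0)
        return -1;
    uint64_t tiles = (uint64_t)h->width * (uint64_t)h->height; /* < 2^62 */
    if (tiles > SIZE_MAX / TILE_BYTES || tiles * TILE_BYTES > data_len)
        return -1;
    *out = (size_t)(tiles * TILE_BYTES);
    return 0;
}

/* Copy a layer out of the file buffer only after the size has been validated. */
uint8_t *load_layer(const struct layer_hdr *h, const uint8_t *data, size_t data_len)
{
    size_t n;
    if (layer_bytes_checked(h, data_len, &n) != 0)
        return NULL;
    uint8_t *tiles = malloc(n);
    if (tiles != NULL)
        memcpy(tiles, data, n);
    return tiles;
}

int main(void)
{
    struct layer_hdr bad = { 0x10001, 0x10000 }; /* constructed sample input */
    uint8_t buf[32] = { 0 };
    printf("unchecked size: %u\n", (unsigned)layer_bytes_unchecked(&bad));
    printf("checked load: %s\n", load_layer(&bad, buf, sizeof buf) ? "accepted" : "rejected");
    return 0;
}
```
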
--- Begin Message ---
Source: teeworlds
Source-Version: 0.7.2-4

We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dylan Aïssi <dai...@debian.org> (supplier of updated teeworlds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 May 2019 22:14:03 +0200
Source: teeworlds
Architecture: source
Version: 0.7.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org>
Changed-By: Dylan Aïssi <dai...@debian.org>
Closes: 927152 928110
Changes:
 teeworlds (0.7.2-4) unstable; urgency=medium
 .
   * Team upload.
   * Add upstream patches to fix CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
      (Closes: #927152).
   * Add upstream patch to fix creation of recursive path. (Closes: #928110)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
