Your message dated Tue, 24 Jan 2023 04:23:17 +0000
with message-id <[email protected]>
and subject line Bug#1028986: fixed in sgt-puzzles 20230122.806ae71-1
has caused the Debian Bug report #1028986,
regarding Multiple integer overflow and buffer overflow issues in game loading
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1028986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028986
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sgt-puzzles
Version: 20220801.89391ba-1
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Ben Harris found multiple issues in sgt-puzzles where a malformed game
description or save file can lead to integer overflow or buffer
overflow. These were fixed upstream today, and I'll upload the
changes to unstable shortly.

The Debian package doesn't register any media type handler for save
files, so I think this can only be exploited by social-engineering a
user into loading such a file or description.

Ben.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500,
'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.0.0-6-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sgt-puzzles depends on:
ii libc6 2.36-6
ii libcairo2 1.16.0-7
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1
ii libglib2.0-0 2.74.3-1
ii libgtk-3-0 3.24.35-3
ii libpango-1.0-0 1.50.12+ds-1
ii libpangocairo-1.0-0 1.50.12+ds-1
Versions of packages sgt-puzzles recommends:
ii chromium [www-browser] 108.0.5359.124-1
ii firefox [www-browser] 108.0-2
ii lynx [www-browser] 2.9.0dev.10-1+b1
ii xdg-utils 1.1.3-4.1
sgt-puzzles suggests no packages.
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: sgt-puzzles
Source-Version: 20230122.806ae71-1
Done: Ben Hutchings <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sgt-puzzles, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Hutchings <[email protected]> (supplier of updated sgt-puzzles package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jan 2023 03:09:26 +0100
Source: sgt-puzzles
Architecture: source
Version: 20230122.806ae71-1
Distribution: unstable
Urgency: medium
Maintainer: Ben Hutchings <[email protected]>
Changed-By: Ben Hutchings <[email protected]>
Closes: 887982 1018235 1028986
Changes:
 sgt-puzzles (20230122.806ae71-1) unstable; urgency=medium
 .
   * New upstream version:
     - Multiple fixes for integer overflow and buffer overflow issues in game
       loading (Closes: #1028986)
   * Install 96x96 application icons (Closes: #887982)
   * Use po4a-updatepo instead of po4a-gettextize
   * Update German translation.
     Thanks to Helge Kreutzmann (Closes: #1018235)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---