Your message dated Mon, 21 Aug 2006 01:32:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#382082: fixed in bomberclone 0.11.7-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: bomberclone
Severity: grave
Tags: security
Justification: user security hole

Multiple vulnerabilities have been found in Bomberclone:

The do_gameinfo function in BomberClone 0.11.6 and earlier, and
possibly other functions, does not reset the packet data size, which
causes the send_pkg function (packets.c) to use this data size when
sending a reply, and allows remote attackers to read portions of
server memory.

http://secunia.com/advisories/21303 lists 0.11.6.2 as vulnerable

See
http://aluigi.altervista.org/adv/bcloneboom-adv.txt
for details.

Please mention the CVE-id in the changelog.


--- End Message ---
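
The stale-length pattern the report describes, as an added example that is not part of the original messages and is not BomberClone source: a reply is built in the request buffer and a send routine trusts the length field the peer supplied. The struct, function names, the `GAMEINFO` payload and the 0xAA "stale memory" filler are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 256
static const char REPLY[] = "GAMEINFO";   /* constructed 8-byte reply payload */

/* Hypothetical packet: a claimed payload length followed by the payload. */
struct pkt { uint16_t len; uint8_t data[BUF_MAX]; };

/* Model of a send routine that trusts p->len; returns bytes put on the wire. */
static size_t send_model(const struct pkt *p, uint8_t *wire)
{
    size_t n = p->len;
    if (n > BUF_MAX) return 0;   /* bounds the copy, says nothing about staleness */
    memcpy(wire, p->data, n);
    return n;
}

/* Vulnerable shape: reply built in the request buffer, len left as received. */
static void reply_stale_len(struct pkt *p)
{
    memcpy(p->data, REPLY, sizeof REPLY - 1);
}

/* Hardened shape: len is set from what the handler actually wrote. */
static void reply_reset_len(struct pkt *p)
{
    memcpy(p->data, REPLY, sizeof REPLY - 1);
    p->len = (uint16_t)(sizeof REPLY - 1);
}

/* Take a 4-byte request claiming `claimed` bytes into a buffer that still holds
 * earlier contents (0xAA marks stale memory), run the handler, send the reply. */
static size_t run(void (*handler)(struct pkt *), uint16_t claimed, uint8_t *wire)
{
    struct pkt p;
    memset(p.data, 0xAA, sizeof p.data);   /* constructed stale contents */
    memcpy(p.data, "INFO", 4);             /* the bytes that really arrived */
    p.len = claimed;                       /* peer-controlled length field */
    handler(&p);
    return send_model(&p, wire);
}

int main(void)
{
    uint8_t wire[BUF_MAX];
    printf("stale len: %zu bytes sent\n", run(reply_stale_len, 200, wire));
    printf("reset len: %zu bytes sent\n", run(reply_reset_len, 200, wire));
}
```

With the length left as received, the 8-byte reply goes out followed by 192 bytes of whatever the buffer held; resetting the length in the handler limits the reply to the bytes it wrote.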
--- Begin Message ---
Source: bomberclone
Source-Version: 0.11.7-1

We believe that the bug you reported is fixed in the latest version of
bomberclone, which is due to be installed in the Debian FTP archive:

bomberclone-data_0.11.7-1_all.deb
  to pool/main/b/bomberclone/bomberclone-data_0.11.7-1_all.deb
bomberclone_0.11.7-1.diff.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.diff.gz
bomberclone_0.11.7-1.dsc
  to pool/main/b/bomberclone/bomberclone_0.11.7-1.dsc
bomberclone_0.11.7-1_i386.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_i386.deb
bomberclone_0.11.7-1_sparc.deb
  to pool/main/b/bomberclone/bomberclone_0.11.7-1_sparc.deb
bomberclone_0.11.7.orig.tar.gz
  to pool/main/b/bomberclone/bomberclone_0.11.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bart Martens <[EMAIL PROTECTED]> (supplier of updated bomberclone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Aug 2006 12:17:29 +0200
Source: bomberclone
Binary: bomberclone-data bomberclone
Architecture: source i386 sparc all
Version: 0.11.7-1
Distribution: unstable
Urgency: low
Maintainer: Bart Martens <[EMAIL PROTECTED]>
Changed-By: Bart Martens <[EMAIL PROTECTED]>
Description: 
 bomberclone - free Bomberman clone
 bomberclone-data - Data files for bomberclone game
Closes: 316569 382082
Changes: 
 bomberclone (0.11.7-1) unstable; urgency=low
 .
   * New maintainer.  Closes: #316569.
   * New upstream release.  Closes: #382082.  That fixes CVE-2006-4005 and
     CVE-2006-4006.
   * debian/*: Repackaged with dh-make 0.41.
   * debian/source.lintian-overrides: Added.
   * debian/watch: Added.
Files: 
 9ffa8dc587848649bb520a2be14f984b 687 games extra bomberclone_0.11.7-1.dsc
 48a1ed3b10d4b52cae4e478e5d8af740 8024434 games extra bomberclone_0.11.7.orig.tar.gz
 accec75fed0047231641b40b30c17d71 7081 games extra bomberclone_0.11.7-1.diff.gz
 6565b5b6f6e7ae773418e23410e73be3 102064 games extra bomberclone_0.11.7-1_i386.deb
 3133cb10494edfa5c9917ecd389d23f5 7597462 games extra bomberclone-data_0.11.7-1_all.deb
 5b4bb9926f745e25d73435a9c108744a 107678 games extra bomberclone_0.11.7-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE6WcGipBneRiAKDwRArN2AJ4xU41hIgGRdo8OcVxC39nxl12DLACeLkIS
hA4VJ3mVHe5Z4gnYr/Cw0Ck=
=8LWd
-----END PGP SIGNATURE-----


--- End Message ---