Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package teeworlds This upload fixes a remote DoS vulnerability in teeworlds-server. See https://security-tracker.debian.org/tracker/source-package/teeworlds debdiff: diff -Nru teeworlds-0.6.2+dfsg/debian/changelog teeworlds-0.6.2+dfsg/debian/changelog --- teeworlds-0.6.2+dfsg/debian/changelog 2013-05-05 09:49:38.000000000 +0200 +++ teeworlds-0.6.2+dfsg/debian/changelog 2014-11-23 16:46:40.000000000 +0100 @@ -1,3 +1,10 @@ +teeworlds (0.6.2+dfsg-2) unstable; urgency=high + + * Fix a server crash that is remotely exploitable. (Closes: #770514) + - Add fixed_a_server_crash.patch, cherry picked from 0.6.3. + + -- Felix Geyer <fge...@debian.org> Sun, 23 Nov 2014 16:45:28 +0100 + teeworlds (0.6.2+dfsg-1) unstable; urgency=low * New upstream release. diff -Nru teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch --- teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch 1970-01-01 01:00:00.000000000 +0100 +++ teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch 2014-11-23 16:45:06.000000000 +0100 @@ -0,0 +1,24 @@ +From a766cb44bcffcdb0b88e776d01c5ee1323d44f85 Mon Sep 17 00:00:00 2001 +From: oy <tom_ad...@web.de> +Date: Thu, 20 Nov 2014 18:13:54 +0100 +Subject: [PATCH] fixed a server crash + +--- + src/engine/server/server.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp +index 581c7e6..ab0f312 100644 +--- a/src/engine/server/server.cpp ++++ b/src/engine/server/server.cpp +@@ -845,8 +845,8 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket) + return; + + int Chunk = Unpacker.GetInt(); +- int ChunkSize = 1024-128; +- int Offset = Chunk * ChunkSize; ++ unsigned int ChunkSize = 1024-128; ++ unsigned int Offset = Chunk * ChunkSize; + int Last = 0; + + // drop faulty map data requests diff -Nru teeworlds-0.6.2+dfsg/debian/patches/series teeworlds-0.6.2+dfsg/debian/patches/series --- teeworlds-0.6.2+dfsg/debian/patches/series 2013-05-04 14:50:02.000000000 +0200 +++ teeworlds-0.6.2+dfsg/debian/patches/series 2014-11-23 16:45:25.000000000 +0100 @@ -2,3 +2,4 @@ new-wavpack.patch set-data-dir.patch pass-build-flags.patch +fixed_a_server_crash.patch unblock teeworlds/0.6.2+dfsg-2 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141123161713.27355.19935.reportbug@localhost6.localdomain6