Your message dated Sun, 23 Nov 2014 17:24:05 +0100
with message-id <54720a25.9040...@thykier.net>
and subject line Re: Bug#770724: unblock: teeworlds/0.6.2+dfsg-2
has caused the Debian Bug report #770724,
regarding unblock: teeworlds/0.6.2+dfsg-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
770724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package teeworlds
This upload fixes a remote DoS vulnerability in teeworlds-server.
See https://security-tracker.debian.org/tracker/source-package/teeworlds
debdiff:
diff -Nru teeworlds-0.6.2+dfsg/debian/changelog
teeworlds-0.6.2+dfsg/debian/changelog
--- teeworlds-0.6.2+dfsg/debian/changelog 2013-05-05 09:49:38.000000000
+0200
+++ teeworlds-0.6.2+dfsg/debian/changelog 2014-11-23 16:46:40.000000000
+0100
@@ -1,3 +1,10 @@
+teeworlds (0.6.2+dfsg-2) unstable; urgency=high
+
+ * Fix a server crash that is remotely exploitable. (Closes: #770514)
+ - Add fixed_a_server_crash.patch, cherry picked from 0.6.3.
+
+ -- Felix Geyer <fge...@debian.org> Sun, 23 Nov 2014 16:45:28 +0100
+
teeworlds (0.6.2+dfsg-1) unstable; urgency=low
* New upstream release.
diff -Nru teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch
teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch
--- teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch
1970-01-01 01:00:00.000000000 +0100
+++ teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch
2014-11-23 16:45:06.000000000 +0100
@@ -0,0 +1,24 @@
+From a766cb44bcffcdb0b88e776d01c5ee1323d44f85 Mon Sep 17 00:00:00 2001
+From: oy <tom_ad...@web.de>
+Date: Thu, 20 Nov 2014 18:13:54 +0100
+Subject: [PATCH] fixed a server crash
+
+---
+ src/engine/server/server.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp
+index 581c7e6..ab0f312 100644
+--- a/src/engine/server/server.cpp
++++ b/src/engine/server/server.cpp
+@@ -845,8 +845,8 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
+ return;
+
+ int Chunk = Unpacker.GetInt();
+- int ChunkSize = 1024-128;
+- int Offset = Chunk * ChunkSize;
++ unsigned int ChunkSize = 1024-128;
++ unsigned int Offset = Chunk * ChunkSize;
+ int Last = 0;
+
+ // drop faulty map data requests
diff -Nru teeworlds-0.6.2+dfsg/debian/patches/series
teeworlds-0.6.2+dfsg/debian/patches/series
--- teeworlds-0.6.2+dfsg/debian/patches/series 2013-05-04 14:50:02.000000000
+0200
+++ teeworlds-0.6.2+dfsg/debian/patches/series 2014-11-23 16:45:25.000000000
+0100
@@ -2,3 +2,4 @@
new-wavpack.patch
set-data-dir.patch
pass-build-flags.patch
+fixed_a_server_crash.patch
unblock teeworlds/0.6.2+dfsg-2
--- End Message ---
--- Begin Message ---
On 2014-11-23 17:17, Felix Geyer wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Please unblock package teeworlds
>
> This upload fixes a remote DoS vulnerability in teeworlds-server.
> See https://security-tracker.debian.org/tracker/source-package/teeworlds
>
> debdiff:
>
> [...]
>
>
> unblock teeworlds/0.6.2+dfsg-2
>
>
Unblocked, thanks.
~Niels
--- End Message ---
