The following commit has been merged in the debian-squeeze branch:
commit 3ae20e9d1d019b87c170b0388cac140e553acc6e
Author: Simon McVittie <[email protected]>
Date:   Tue Mar 27 10:48:40 2012 +0100

    Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix
    potential use of uninitialized variables if the network address family is
    unexpected

diff --git a/debian/changelog b/debian/changelog
index 17eb49d..fefd398 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ openarena (0.8.5-5+squeeze3) UNRELEASED; urgency=low
 
   * Add CVE reference to changelog and patch for previous version, now that
     one has been allocated
+  * Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix
+    potential use of uninitialized variables if the network address family
+    is unexpected
 
  -- Simon McVittie <[email protected]>  Tue, 27 Mar 2012 10:02:30 +0100
 
diff --git 
a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
 
b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
index 53580d5..628f85c 100644
--- 
a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
+++ 
b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
@@ -1,8 +1,12 @@
 From: Tim Angus <tma>
 Date: Sun, 3 Jan 2010 22:12:20 +0000
-Subject: [PATCH] * Rate limit getstatus and rcon connectionless requests
+Subject: Rate limit getstatus and rcon connectionless requests
 
-Origin: upstream (ioquake3), commit:1762
+[This patch also includes r1763, fixing potential dereference of an
+uninitialized pointer if the network address family is neither IPv4 nor
+IPv6. -smcv]
+
+Origin: upstream (ioquake3), commit:1762, commit:1763
 Bug-Debian: http://bugs.debian.org/665656
 CVE: CVE-2010-5077
 ---
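Review bot: the From: and Date: lines of this patch header still describe only r1762 (Tim Angus, 3 Jan 2010), although the patch now also carries r1763, so the provenance of the second change is recorded only in the bracketed note and the Origin: field. Consider either shipping r1763 as a separate patch file with its own header, or adding its upstream author and date to the bracketed note. The note also says "dereference of an uninitialized pointer" where the changelog entry says "use of uninitialized variables"; using the same wording in both places would make the two easier to match up.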
@@ -47,8 +51,8 @@ index 6215791..b88cc11 100644
 +================
 +*/
 +static long SVC_HashForAddress( netadr_t address ) {
-+      byte            *ip;
-+      size_t  size;
++      byte            *ip = NULL;
++      size_t  size = 0;
 +      int                     i;
 +      long            hash = 0;
 +
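Review bot: in SVC_HashForAddress, initializing "ip = NULL" and "size = 0" at declaration removes the read of indeterminate values, but it leaves the unexpected-address-family case implicit: the change is only safe if every later use of ip is bounded by size, and that code is not shown in this hunk, so it should be checked before merging. An explicit fallback branch for address families that are neither IPv4 nor IPv6, with a short comment, would make the intent visible in the function itself rather than relying on the initializers. Since hash also starts at 0, it is worth confirming that all such addresses hashing to the same value is the intended behaviour for the rate limiter.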

-- 
Packaging for the OpenArena engine

_______________________________________________
Pkg-games-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits
