Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: teewor...@packages.debian.org, Moritz Muehlenhoff <j...@debian.org>, car...@debian.org Control: affects -1 + src:teeworlds
Dear release team, Please unblock package teeworlds Moritz Muehlenhoff addressed with a targetted fix CVE-2021-43518, #1009070 for teeworlds. It has been in unstable for 24 days, but needs an explicit unblock. The issue would be classified no-dsa for bookworm similar to bullseye, but as the fix is quite isolated might be worth having it fixed in bookworm. Attached is the full debdiff for the changes. I cannot say about specific done tests on the package. unblock teeworlds/0.7.5-2 Regards, Salvatore
diff -Nru teeworlds-0.7.5/debian/changelog teeworlds-0.7.5/debian/changelog --- teeworlds-0.7.5/debian/changelog 2020-08-30 15:38:14.000000000 +0200 +++ teeworlds-0.7.5/debian/changelog 2023-03-17 11:46:31.000000000 +0100 @@ -1,3 +1,10 @@ +teeworlds (0.7.5-2) unstable; urgency=medium + + * Backport 91e5492d4c210f82f1ca6b43a73417fef5463368 as the hotfix + for CVE-2021-43518 (Closes: #1009070) + + -- Moritz Muehlenhoff <j...@debian.org> Fri, 17 Mar 2023 11:46:31 +0100 + teeworlds (0.7.5-1) unstable; urgency=medium * Team upload. diff -Nru teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch --- teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch 1970-01-01 01:00:00.000000000 +0100 +++ teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch 2023-03-17 11:46:31.000000000 +0100 @@ -0,0 +1,34 @@ +Backport 91e5492d4c210f82f1ca6b43a73417fef5463368 as the hotfix for CVE-2021-43518 + +--- teeworlds-0.7.5.orig/src/game/client/components/maplayers.cpp ++++ teeworlds-0.7.5/src/game/client/components/maplayers.cpp +@@ -254,7 +254,7 @@ void CMapLayers::LoadEnvPoints(const CLa + p.m_Time = pEnvPoint_v1->m_Time; + p.m_Curvetype = pEnvPoint_v1->m_Curvetype; + +- for(int c = 0; c < pItem->m_Channels; c++) ++ for(int c = 0; c < min(pItem->m_Channels, 4); c++) + { + p.m_aValues[c] = pEnvPoint_v1->m_aValues[c]; + p.m_aInTangentdx[c] = 0; +--- teeworlds-0.7.5.orig/src/game/editor/io.cpp ++++ teeworlds-0.7.5/src/game/editor/io.cpp +@@ -478,7 +478,8 @@ int CEditorMap::Load(class IStorage *pSt + for(int e = 0; e < Num; e++) + { + CMapItemEnvelope *pItem = (CMapItemEnvelope *)DataFile.GetItem(Start+e, 0, 0); +- CEnvelope *pEnv = new CEnvelope(pItem->m_Channels); ++ const int Channels = min(pItem->m_Channels, 4); ++ CEnvelope *pEnv = new CEnvelope(Channels); + pEnv->m_lPoints.set_size(pItem->m_NumPoints); + for(int n = 0; n < pItem->m_NumPoints; n++) + { +@@ -495,7 +496,7 @@ int CEditorMap::Load(class IStorage *pSt + pEnv->m_lPoints[n].m_Time = pEnvPoint_v1->m_Time; + pEnv->m_lPoints[n].m_Curvetype = pEnvPoint_v1->m_Curvetype; + +- for(int c = 0; c < pItem->m_Channels; c++) ++ for(int c = 0; c < Channels; c++) + { + pEnv->m_lPoints[n].m_aValues[c] = pEnvPoint_v1->m_aValues[c]; + } diff -Nru teeworlds-0.7.5/debian/patches/series teeworlds-0.7.5/debian/patches/series --- teeworlds-0.7.5/debian/patches/series 2020-08-30 15:38:14.000000000 +0200 +++ teeworlds-0.7.5/debian/patches/series 2023-03-17 11:46:31.000000000 +0100 @@ -5,3 +5,4 @@ no-cmake.patch python3.patch new-wavpack.patch +CVE-2021-43518.patch