Bug#870725: marked as done (CVE-2017-11721: read buffer overflow in MSG_ReadBits)

2017-08-22 Thread Debian Bug Tracking System
Your message dated Tue, 22 Aug 2017 21:48:29 +
with message-id 
and subject line Bug#870725: fixed in ioquake3 1.36+u20140802+gca9eebb-2+deb8u2
has caused the Debian Bug report #870725,
regarding CVE-2017-11721: read buffer overflow in MSG_ReadBits
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ioquake3
Severity: grave
Tags: security

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ioquake3
Source-Version: 1.36+u20140802+gca9eebb-2+deb8u2

We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated ioquake3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 12 Aug 2017 10:15:49 -0400
Source: ioquake3
Binary: ioquake3 ioquake3-server ioquake3-dbg
Architecture: source amd64
Version: 1.36+u20140802+gca9eebb-2+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Simon McVittie 
Description:
 ioquake3   - Game engine for 3D first person shooter games
 ioquake3-dbg - debug symbols for the ioquake3 game engine
 ioquake3-server - Standalone server for ioQuake3 based games
Closes: 870725
Changes:
 ioquake3 (1.36+u20140802+gca9eebb-2+deb8u2) jessie-security; urgency=medium
 .
   * Add patch from upstream:
     + Address read buffer overflow in
       MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
     + Check buffer boundary exactly in MSG_WriteBits, instead of
       potentially failing with a few bytes still available

Bug#870725: marked as done (CVE-2017-11721: read buffer overflow in MSG_ReadBits)

2017-08-22 Thread Debian Bug Tracking System
Your message dated Tue, 22 Aug 2017 21:32:20 +
with message-id 
and subject line Bug#870725: fixed in ioquake3 1.36+u20161101+dfsg1-2+deb9u1
has caused the Debian Bug report #870725,
regarding CVE-2017-11721: read buffer overflow in MSG_ReadBits
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870725
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ioquake3
Severity: grave
Tags: security

Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ioquake3
Source-Version: 1.36+u20161101+dfsg1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated ioquake3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 12 Aug 2017 01:37:23 EDT
Source: ioquake3
Binary: ioquake3 ioquake3-server
Architecture: source
Version: 1.36+u20161101+dfsg1-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Simon McVittie 
Description: 
 ioquake3   - Game engine for 3D first person shooter games
 ioquake3-server - Engine for 3D first person shooter games - server and common file
Closes: 870725
Changes:
 ioquake3 (1.36+u20161101+dfsg1-2+deb9u1) stretch-security; urgency=medium
 .
   * Reference CVE-2017-6903 in previous changelog entry
   * Add patch from upstream:
     + Address read buffer overflow in
       MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
     + Check buffer boundary exactly in MSG_WriteBits, instead of
       potentially failing with a few bytes still available
--- End Message ---