Your message dated Fri, 17 Mar 2023 12:19:07 +0000
with message-id <[email protected]>
and subject line Bug#1009070: fixed in teeworlds 0.7.5-2
has caused the Debian Bug report #1009070,
regarding teeworlds: CVE-2021-43518: stack base buffer overflow while loading
map in CMapLayers::LoadEnvPoints
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1009070: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009070
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: teeworlds
Version: 0.7.5-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/teeworlds/teeworlds/issues/2981
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.7.2-5+deb10u1
Control: found -1 0.7.2-5
Hi,
The following vulnerability was published for teeworlds.
CVE-2021-43518[0]:
| Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow.
| A map parser does not validate m_Channels value coming from a map
| file, leading to a buffer overflow. A malicious server may offer a
| specially crafted map that will overwrite client's stack causing
| denial of service or code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-43518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43518
[1] https://github.com/teeworlds/teeworlds/issues/2981
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: teeworlds
Source-Version: 0.7.5-2
Done: Moritz Muehlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[email protected]> (supplier of updated teeworlds package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 17 Mar 2023 11:46:31 +0100
Source: teeworlds
Architecture: source
Version: 0.7.5-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <[email protected]>
Changed-By: Moritz Muehlenhoff <[email protected]>
Closes: 1009070
Changes:
teeworlds (0.7.5-2) unstable; urgency=medium
.
* Backport 91e5492d4c210f82f1ca6b43a73417fef5463368 as the hotfix
for CVE-2021-43518 (Closes: #1009070)
Checksums-Sha1:
f32787e939508d62ef1cbd51dac553a3bae38805 2261 teeworlds_0.7.5-2.dsc
465874c509c9afb538bc0598d81668be55fe8261 34776 teeworlds_0.7.5-2.debian.tar.xz
4dbca70918fe2164e6d35a67cb7ceb605957766e 13279
teeworlds_0.7.5-2_amd64.buildinfo
Checksums-Sha256:
114f9b9675e1db1ccc8510e2a97ee18baeb232b6371c949318a00885ab10b8a0 2261
teeworlds_0.7.5-2.dsc
179ee151eb94e66e14fb3294dd4df4b57ab4bc4dea8b267420e6b0199c42e8e6 34776
teeworlds_0.7.5-2.debian.tar.xz
5fbe9c8f7af534a69cf6062830a9005ea8bd35c8aca67f165ae883e1e0f09a0b 13279
teeworlds_0.7.5-2_amd64.buildinfo
Files:
bb90c3ae33261905fa6d5ec35727a3bc 2261 games optional teeworlds_0.7.5-2.dsc
99c28f2602b6c0688fa43048ed071098 34776 games optional
teeworlds_0.7.5-2.debian.tar.xz
d048478df1b05275c78bd11c08a23899 13279 games optional
teeworlds_0.7.5-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQUVg8ACgkQEMKTtsN8
Tjaqig//dlDVUGhvpE8nyeQW3o77ZdRibeqof/w5nINLYsrJ+0rkKDQ056KKQXQB
Xl8IWNg1EU0Wstq76GF5Rxe0rtQFllvnDzBoKwMvuJZQZyWkI9wCzLnWGvl5pcxG
jhxKxpG6gtM525tTWy6prYWFVLpnre0KtMrvCXCEQaAnjvoqAPPDeXQa7Oma9Yf/
2z3QxHKTfY/Xnsb/Sm6UNSGOdbFQDHi9ZXa6Iej7efmIzongEEYR5+mof9yTfa4I
PnESuowniOgFtyWcN4dz+tRrcheCqdWyckpwhhvbyXVlG3jOl3xbWmGzYN+C74xY
SQJJ5bd5i+thp+4bGtu+EdjT+wKtwsga6L7X+JESU8P+ho/Wm5YDYT3lm9HC3jnR
wqlbu73Cfv5NNs+ZMOPkscB4j8uYnlXs0qtRYMTpwiMIdpC4b8969QusxPxVk5B7
tU2WdGpA06bSUikVHyEvnDL2kZaf8EXTYZuEZwoHuVihgVpB1kclQLWUbYT7JRQ4
CcM12AVVoAB3pbDmaKKBSRi4KIh9U1LX9tNu7Eb4rZ5UEIwGmFF+I/AlTR9zpF5a
jLKA6ZbN/R3E8Uw3FeXPAXlf1mjUn+8GlO2eUGRWL2dOZWdwYe//kvfU7/CkEah9
VGpG8L1PNeOO5lRfjUX2T0//0BdT0aOI3yNyq6c+ZiskqjBIMtM=
=fgDV
-----END PGP SIGNATURE-----
--- End Message ---
