Bug#357645: marked as done (teg: [CAN-2006-1150] Remote DOS vulnerability)

[Debian Bug Tracking System]

Your message dated Wed, 12 Jul 2006 14:32:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#357645: fixed in teg 0.11.1-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: teg
Severity: important
Tags: fixed-upstream upstream patch

The upstream patch is attached; I retrieved it with:
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/teg login
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/teg co .
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/teg log |less
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/teg diff -u -D '2006/03/16 21:59:34' 
-D 2006/03/15 teg/server/player.c

Debian patch will follow..

I don't know if this warrents a security upload, but I cc: them
anyway; this patch should also apply to sarge (player.c).

BTW, upstream authors, you should fix your copyright notice;
"copyright: gpl" doesn't make sense; the gpl is a license and not a
copyright holder.

----- Forwarded message from Davide Puricelli <[EMAIL PROTECTED]> -----

X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on 
        webmin.steelfarms.net
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham 
        version=3.1.0
Old-Return-Path: <[EMAIL PROTECTED]>
From: Davide Puricelli <[EMAIL PROTECTED]>
To: Wolfgang Morawetz <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Remote DoS vulnerability in TEG
X-Operating-System: Linux gladstone.duckburg.org 2.6.15.4-gladstone1 
X-Rc-Virus: 2005-11-10_01
X-Rc-Spam: 2006-03-13_01
Resent-Message-ID: <[EMAIL PROTECTED]>
Resent-From: debian-qa-packages@lists.debian.org
X-Mailing-List: <debian-qa-packages@lists.debian.org> archive/latest/12390
List-Id: <debian-qa-packages.lists.debian.org>
List-Post: <mailto:debian-qa-packages@lists.debian.org>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
Resent-Sender: [EMAIL PROTECTED]
Resent-Date: Sat, 18 Mar 2006 11:34:51 -0600 (CST)

On Fri, Mar 17, 2006 at 02:57:17PM +0100, Wolfgang Morawetz wrote:
> Hi,
> i will inform you about a remote DOS vulnerability in TEG
> The fix is in CVS.

Hi, I orphaned the teg package some months ago, therefore I'm forwarding
your email to our Quality Assurance group, thanks anyway!

Regards,
-- 
Davide Puricelli, [EMAIL PROTECTED]
Debian Developer: [EMAIL PROTECTED] | http://www.debian.org

Time looked like snow dropping silently into a black room -- Ray Bradbury



----- End forwarded message -----

Index: teg/server/player.c
===================================================================
RCS file: /cvsroot/teg/teg/server/player.c,v
retrieving revision 1.7
retrieving revision 1.6
diff -u -r1.7 -r1.6
--- teg/server/player.c 16 Mar 2006 21:59:34 -0000      1.7
+++ teg/server/player.c 14 Mar 2006 16:47:00 -0000      1.6
@@ -1,4 +1,4 @@
-/*     $Id: player.c,v 1.7 2006/03/16 21:59:34 nordi Exp $     */
+/*     $Id: player.c,v 1.6 2006/03/14 16:47:00 nordi Exp $     */
 /* Tenes Empanadas Graciela
  *
  * Copyright (C) 2000 Ricardo Quesada
@@ -596,16 +596,16 @@
 
        strip_invalid(new_name);
        if( player_findbyname(new_name,&pJ_new) == TEG_STATUS_SUCCESS && 
pJ_new->estado != PLAYER_STATUS_DESCONECTADO ) {
-               /* that name is already registered, assign a new name 
dynamically */
+               /* that name is already registered, assign a new name 
dinamically */
                int n = strlen(new_name);
                if( n < sizeof(pJ->name) - 2 ) {
                        new_name[n] = '_';
                        player_fillname( pJ, new_name );
                } else {
-                       if( new_name[n-1] < '0' || new_name[n-1] > '9' )
-                               new_name[n-1]='0';
+                       if( new_name[n] < '0' || new_name[n] > '9' )
+                               new_name[n]='0';
                        else
-                               new_name[n-1]++;
+                               new_name[n]++;
                        player_fillname( pJ, new_name );
                }
        }

--- End Message ---

--- Begin Message ---

Source: teg
Source-Version: 0.11.1-3

We believe that the bug you reported is fixed in the latest version of
teg, which is due to be installed in the Debian FTP archive:

teg_0.11.1-3.diff.gz
  to pool/main/t/teg/teg_0.11.1-3.diff.gz
teg_0.11.1-3.dsc
  to pool/main/t/teg/teg_0.11.1-3.dsc
teg_0.11.1-3_powerpc.deb
  to pool/main/t/teg/teg_0.11.1-3_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gonéri Le Bouder <[EMAIL PROTECTED]> (supplier of updated teg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 26 May 2006 23:15:47 +0200
Source: teg
Binary: teg
Architecture: source powerpc
Version: 0.11.1-3
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <[EMAIL PROTECTED]>
Changed-By: Gonéri Le Bouder <[EMAIL PROTECTED]>
Description: 
 teg        - Turn based strategy game
Closes: 322103 357645
Changes: 
 teg (0.11.1-3) unstable; urgency=high
 .
   [ Gonéri Le Bouder ]
   * New maintainer, closes: #322103.
   * switch to simple-patchsys
   * compat 5
   * Standards-Version: 3.7.2
   * set Maintainer to Debian Games Team
   * add myself in uploader
   * change section to games
   * add cdbs in Build-Depends:
   * debhelper 5.0.0
   * change icon location to /usr/share/pixmaps/teg.xpm
   * update rules file
   * data are installed in /usr/share/games/teg
   * watch file
 .
   [ Justin Pryzby ]
   * Manually apply the changes made upstream to address remote DoS
     patch teg-diff-CAN-2006-1150-debian
     [CAN-2006-1150]; Closes: #357645.
   * update copyright file
   * Drop the README, which mostly duplicated the description
   * add a homepage pseudofield in the Description entry
Files: 
 82f63bbab4252b5e10a0d45eea94b45e 1002 games optional teg_0.11.1-3.dsc
 071d6dab84f29dd711c2b7bdf67f2972 6146 games optional teg_0.11.1-3.diff.gz
 8201436bc0ae1c8f1b9b38aa42b51fdb 3317696 games optional 
teg_0.11.1-3_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEtWU/Bxd04ADYzRYRAjB1AKCDiy8eIrf2XW0GMvJ5OEbY5BTELwCfRmS7
cB2nrRxyXLliC2GNKGNX8og=
=bc0W
-----END PGP SIGNATURE-----

--- End Message ---