Package: teeworlds X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for teeworlds. CVE-2019-10877[0]: | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in | engine/shared/map.cpp that can lead to a buffer overflow, because | multiplication of width and height is mishandled. CVE-2019-10878[1]: | In Teeworlds 0.7.2, there is a failed bounds check in | CDataFileReader::GetData() and CDataFileReader::ReplaceData() and | related functions in engine/shared/datafile.cpp that can lead to an | arbitrary free and out-of-bounds pointer write, possibly resulting in | remote code execution. CVE-2019-10879[2]: | In Teeworlds 0.7.2, there is an integer overflow in | CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to | a buffer overflow and possibly remote code execution, because size- | related multiplications are mishandled. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10877 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877 [1] https://security-tracker.debian.org/tracker/CVE-2019-10878 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878 [2] https://security-tracker.debian.org/tracker/CVE-2019-10879 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature