Bug#857715: marked as done (ioquake3 has a security vulnerability)

Tue, 14 Mar 2017 04:55:11 -0700 

Your message dated Tue, 14 Mar 2017 11:50:05 +0000
with message-id <[email protected]>
and subject line Bug#857715: fixed in openjk 0~20170314+dfsg1-1
has caused the Debian Bug report #857715,
regarding ioquake3 has a security vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
857715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857715
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ioquake3
Version: 1.36
Severity: grave

Hi,
earlier today ioquake3 fixed a vulnerability that, as far as I understand, could let malicious multiplayer servers execute code on connecting clients. It affects all prior versions of ioquake3 (and I think also original Quake 3). Details: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/ 

So you should probably update to latest ioq3 git or backport the fix.

Cheers,
Daniel

--- End Message ---
--- Begin Message --- 
Source: openjk
Source-Version: 0~20170314+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
openjk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated openjk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Mar 2017 10:22:34 +0000
Source: openjk
Binary: openjk-academy openjk-academy-server openjk-outcast openjk-common
Architecture: source
Version: 0~20170314+dfsg1-1
Distribution: experimental
Urgency: high
Maintainer: Debian Games Team <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 857715
Description: 
 openjk-academy - Jedi Academy single-player and multiplayer game engine
 openjk-academy-server - Jedi Academy multiplayer game server
 openjk-common - common files for all OpenJK games
 openjk-outcast - experimental Jedi Outcast single-player game engine
Changes:
 openjk (0~20170314+dfsg1-1) experimental; urgency=high
 .
   * New upstream snapshot with security fixes (Closes: #857715)
     - Drop patches that were applied upstream
Checksums-Sha1: 
 3adfca6bd71f27a3fc1ce1d34b4309e792b97715 2370 openjk_0~20170314+dfsg1-1.dsc
 25e7e4b2254c3cfe0fce3d3bc5bd446296cb8e2f 6114664 
openjk_0~20170314+dfsg1.orig.tar.xz
 ace34df93a11e78fe6c3009186b55be76bd1fe2c 17672 
openjk_0~20170314+dfsg1-1.debian.tar.xz
Checksums-Sha256: 
 92c5b3f96051ce3e31558ce71a67d17d6118df714a112a9d9b7939a09612b68f 2370 
openjk_0~20170314+dfsg1-1.dsc
 14cac6b63d59e88516656044ebd736eeeadd59e5148e212e21b0d25ad995e4e2 6114664 
openjk_0~20170314+dfsg1.orig.tar.xz
 f870e5fd1500c8540cf06897ca8bd0a16fe916fe02e5c5aae5e78b6b561dea05 17672 
openjk_0~20170314+dfsg1-1.debian.tar.xz
Files: 
 22b6d7925ab416714ef0c6768ba11b3e 2370 contrib/games optional 
openjk_0~20170314+dfsg1-1.dsc
 58e9d3a77c15267bcc029bb72c0b507a 6114664 contrib/games optional 
openjk_0~20170314+dfsg1.orig.tar.xz
 5e3b602d2b4e8d4841ec2651e81850d9 17672 contrib/games optional 
openjk_0~20170314+dfsg1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljH1JsACgkQTej/KmPH
zJBRtg//ZUNVumZgaENra2O/jfTFIAi7iOeWeYghBDsIc2aVt5noyNTRMBKPQCEC
Uzv+mldqcBSZ2JCF+3e9OyZVmXgvGrLH7erB2u96bnYffiklZdMxjvT6TL2mNDNm
Biy+QJVIadBtrUSxuYK8DU4+bIJJwEnOmiTnD6mo9EJrrExL63ZViY3QKO6j9Xwj
tPNo+5Z0ktDoPOfwEyu1dRvZ0hNFNBGvz5CpM0bvWXoezHhkCZUFb2pmkq2/ShRy
MRkKl3aiU9OW821vKWs5ZbIgH0xJC9AfFjrj8t3EDknFeq1nhVtiJsbImKtaQNbi
74W8aRk6ooFIeljR+cIeKd3zBSsQJaD4sVvxvPF84202WDKQbD77j7sHUFQSTih6
oy14z5rgUUv6by3bYsPcG0/reBFoBx8QR/+ql1rtHg3/pTGRdbj3oLj/xEtIRl2T
5Pm8tBvn+NhSqft/o0TRSuMJI9jp5a79NAf/cgfI7b6mWU+58CxUUEICiSuOKX/Y
/hLv1MmQdOsF+Chxott7WiTFhOiQqopvO+T+jdPWPdc06OKJNYw9hd3fNBwywTJp
RuMCCN8MFKmjZbDWYw/HXEKl0uNAZPjv8RTEoTcvccZsub3oqrE20vvHmpruEG7U
E6W4roRBsXirn0tOfHfOuJjm0oncyRHpo3JPnwXEkaTZtz1mLFU=
=yvO/
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to