FYI, The ioquake3.org blog post was updated to reference me as the reporter.
On Tue, Mar 14, 2017 at 4:42 PM, Victor Roemer wrote:
> Any way we can amend that?
>
> On Tue, Mar 14, 2017 at 3:31 PM, Simon McVittie wrote:
>
>> On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
>> > I orig
Any way we can amend that?
On Tue, Mar 14, 2017 at 3:31 PM, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
> > I originally reported the vulnerability to ioquake3. I'd like to help
> with the
> > CVE however I can.
> > I'm not familiar with CVE reports which
On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
> I originally reported the vulnerability to ioquake3. I'd like to help with the
> CVE however I can.
> I'm not familiar with CVE reports which is why one hasn't already been
> written.
MITRE's new process really doesn't help matters the
Hi guys,
I originally reported the vulnerability to ioquake3. I'd like to help with
the CVE however I can.
I'm not familiar with CVE reports which is why one hasn't already been
written.
Thanks,
Victor
Hi,
I heard upstream is not gonna create a CVE, so go ahead..
Cheers,
Daniel
On 14.03.2017 17:44, Salvatore Bonaccorso wrote:
Hi Simon,
On Tue, Mar 14, 2017 at 08:30:36AM +, Simon McVittie wrote:
cc'ing security team for information. No CVE ID yet, I assume ioquake3
upstream will be requ
Hi Simon,
On Tue, Mar 14, 2017 at 08:30:36AM +, Simon McVittie wrote:
> cc'ing security team for information. No CVE ID yet, I assume ioquake3
> upstream will be requesting one (or if not I will).
heard anything about that yet? If so can you request a CVE via
https://cveform.mitre.org/ and lo
On 14.03.2017 09:30, Simon McVittie wrote:
Thanks for reporting, I'll fix this ASAP.
Awesome, thanks for the prompt reaction!
Looks like I need to teach ioquake3 upstream about coordinated
disclosure, or remind them that their game is in distributions.
That might be a good idea, I had th
On Tue, Mar 14, 2017 at 12:18:27PM +, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 08:30:36 +, Simon McVittie wrote:
> > On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> > > earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> > > could let malicious m
On Tue, 14 Mar 2017 at 08:30:36 +, Simon McVittie wrote:
> On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> > earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> > could let malicious multiplayer servers execute code on connecting clients.
> > It affects al
Control: tags 857699 + security
Control: clone 857699 -2 -3
Control: reassign -2 iortcw 1.42b+20150930+dfsg1-1
Control: reassign -3 openjk 0~20150430+dfsg1-1
On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> c
Package: ioquake3
Version: 1.36
Severity: grave
Hi,
earlier today ioquake3 fixed a vulnerability that, as far as I
understand, could let malicious multiplayer servers execute code on
connecting clients.
It affects all prior versions of ioquake3 (and I think also original
Quake 3).
Details:
h
11 matches
Mail list logo