Security unfreezes/priority bumps

Moritz Muehlenhoff jmm at inutil.org
Tue Dec 26 14:58:44 CET 2006


In gmane.linux.debian.devel.release, Luk wrote:
>> libarchive - unfreeze
>> 	1.2.53-2 to 1.3.1-1
>> 	CVE-2006-5680 - DoS (CPU consumption)
>
> Not important according to tracker and too big diff...

Indeed, this is hardly a security problem.

>> nexuiz - unfreeze/bump
>> 	2.1-1 to 2.2.1-1
>> 	CVE-2006-6609 - DoS
>> 	CVE-2006-6610 - remote console command injection
>> nexuiz-data - unfreeze/bump
>> 	2.1-1 to 2.2.1-1
>> 	Same issues as above
>
> Too big diff IMHO, so I'm not unblocking these...

Upstream changelog reads:
- fixed clientcommands remote console command injection
- fixed fake players DoS

Can one of the maintainers please get in contact with upstream
for details? Does the former changelog entry refer to shell
commands or commands executed in an in-game console such as the
one used in Quake?

Cheers,
        Moritz



More information about the Pkg-games-devel mailing list