Security unfreezes/priority bumps
Moritz Muehlenhoff
jmm at inutil.org
Tue Dec 26 14:58:44 CET 2006
In gmane.linux.debian.devel.release, Luk wrote:
>> libarchive - unfreeze
>> 1.2.53-2 to 1.3.1-1
>> CVE-2006-5680 - DoS (CPU consumption)
>
> Not important according to tracker and too big diff...
Indeed, this is hardly a security problem.
>> nexuiz - unfreeze/bump
>> 2.1-1 to 2.2.1-1
>> CVE-2006-6609 - DoS
>> CVE-2006-6610 - remote console command injection
>> nexuiz-data - unfreeze/bump
>> 2.1-1 to 2.2.1-1
>> Same issues as above
>
> Too big diff IMHO, so I'm not unblocking these...
Upstream changelog reads:
- fixed clientcommands remote console command injection
- fixed fake players DoS
Can one of the maintainers please get in contact with upstream
for details? Does the former changelog entry refer to shell
commands or commands executed in an in-game console as the
one used in Quake?
Cheers,
Moritz
More information about the Pkg-games-devel
mailing list