Bug#406400: nexuiz: Open security fixes in Etch
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 10 22:50:02 CET 2007
Package: nexuiz
Version: 2.1-1
Severity: grave
Tags: security
Justification: user security hole
I'm currently busy and hadn't had the time to investigate it myself yet,
but it should be tracked for Etch:
Nexuiz 2.2.1 fixed two vulnerabilities:
http://sourceforge.net/project/shownotes.php?release_id=470675&group_id=81584
- fixed fake players DoS (CVE-2006-6609)
- fixed clientcommands remote console command injection (CVE-2006-6610)
If the second vulnerability refers to shell command execution and not
to some kind of in-game-console ala Quake this warrants an RC security
bug.
Cheers,
Moritz
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
More information about the Pkg-games-devel
mailing list