Bug#696306: freeciv: CVE-2012-5645
Moritz Muehlenhoff
jmm at inutil.org
Wed Jan 2 07:31:12 UTC 2013
On Wed, Dec 19, 2012 at 01:38:30PM +0200, Marko Lindqvist wrote:
> On 19 December 2012 09:02, Moritz Muehlenhoff <jmm at inutil.org> wrote:
> > Package: freeciv
> > Severity: important
> > Tags: security
> >
> > Hi,
> > please see http://aluigi.altervista.org/adv/freecivet-adv.txt
>
> That's two issues...
>
> > Bug: http://gna.org/bugs/?20003
>
> ... reported in one freeciv ticket.
>
> That CVE is a bit unfortunate that it (currently) has description
> containing both parts but fix provided is only one part. I think it's
> quite likely that they will assign new CVE for the other half to sort
> this out.
>
> > Fix: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670
>
> Patch from stable S2_3 branch (where 2.3.x releases come from):
> http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21672
>
> And the other fix not listed in CVE: trunk:
> http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21701 /
> S2_3: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21703
FTR, the additional issue has been assigned CVE-2012-6083:
http://www.openwall.com/lists/oss-security/2012/12/31/2
Cheers,
Moritz
More information about the Pkg-games-devel
mailing list