Bug#696306: freeciv: CVE-2012-5645
Moritz Muehlenhoff
jmm at inutil.org
Wed Mar 6 18:03:24 UTC 2013
On Wed, Jan 02, 2013 at 08:31:12AM +0100, Moritz Muehlenhoff wrote:
> On Wed, Dec 19, 2012 at 01:38:30PM +0200, Marko Lindqvist wrote:
> > On 19 December 2012 09:02, Moritz Muehlenhoff <jmm at inutil.org> wrote:
> > > Package: freeciv
> > > Severity: important
> > > Tags: security
> > >
> > > Hi,
> > > please see http://aluigi.altervista.org/adv/freecivet-adv.txt
> >
> > That's two issues...
> >
> > > Bug: http://gna.org/bugs/?20003
> >
> > ... reported in one freeciv ticket.
> >
> > That CVE is a bit unfortunate that it (currently) has description
> > containing both parts but fix provided is only one part. I think it's
> > quite likely that they will assign new CVE for the other half to sort
> > this out.
> >
> > > Fix: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670
> >
> > Patch from stable S2_3 branch (where 2.3.x releases come from):
> > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21672
> >
> > And the other fix not listed in CVE: trunk:
> > http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21701 /
> > S2_3: http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21703
>
> FTR, the additional issue has been assigned CVE-2012-6083:
> http://www.openwall.com/lists/oss-security/2012/12/31/2
Freeciv maintainers,
it's been two months. Can you please upload a fixed package?
Cheers,
Moritz
More information about the Pkg-games-devel
mailing list