Bug#870725: CVE-2017-11721: read buffer overflow in MSG_ReadBits

Simon McVittie smcv at debian.org
Sat Aug 12 05:46:33 UTC 2017


On Fri, 11 Aug 2017 at 20:11:46 +0200, Moritz Mühlenhoff wrote:
> Thanks, please upload. Generally speaking contrib is not supported, but
> it would be silly to fix ioquake, but not iortcw along, so please go ahead.

Thanks, both uploaded to security-master targeting stretch-security.

> What about jessie, is that still usable against current game servers?

It would make sense to fix ioquake3 in jessie, but I am unlikely to
be able to complete this work any time soon - I probably won't find a
jessie user at DebConf, and soon after I get back I'll be moving house,
so my time and hardware are limited. I'll try to prepare packages so
that someone else can test them (via openarena).

For completeness: iortcw isn't in jessie, so not applicable.

    S


