darkplaces in Debian out-dated by a good three years and Nexuiz Classic abandoned since 2010

Frederique auspicious at inventati.org
Mon Aug 14 19:15:56 UTC 2017


Dear Debian Games mailing list,

I am going to try to keep it short and simple.

darkplaces: this package has not received updates in Debian while the
official SVN is still receiving commits to this day (
svn://svn.icculus.org/twilight/trunk/darkplaces ).

Nexuiz Classic: project has been abandoned in favour of their
commercial proprietary release. This since 2010. A majority of the
Nexuiz community has moved over to create a fork called Xonotic ( http:
//www.xonotic.org/ ) which last received an update just a few months
ago.

Please update darkplaces and replace Nexuiz with Xonotic. There is also
a possibility of Nexuiz being vulnerable to an exploit allowing servers
to remotely execute code on clients similar to the exploits Valve
recently resolved in their Quake based legacy games:

http://steamcommunity.com/games/70/announcements/detail/143931405382043
1619

And just to express concern in regards the importance of keeping games
updated, here is a recent exploit Valve fixed in their Source engine
that allowed remote code execution simply by killing a player:

https://www.theverge.com/2017/7/20/16003722/valve-one-up-security-explo
it-hackers-ragdoll-source-sdk-vunerability

Sincerely yours,
Frederique



More information about the Pkg-games-devel mailing list