ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_source+binary.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Mar 24 12:32:29 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 14 Mar 2017 22:29:41 +0000
Source: ioquake3
Binary: ioquake3 ioquake3-server ioquake3-dbg
Architecture: source amd64
Version: 1.36+u20140802+gca9eebb-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Description:
ioquake3 - Game engine for 3D first person shooter games
ioquake3-dbg - debug symbols for the ioquake3 game engine
ioquake3-server - Standalone server for ioQuake3 based games
Closes: 857699
Changes:
ioquake3 (1.36+u20140802+gca9eebb-2+deb8u1) jessie-security; urgency=high
.
* d/gbp.conf: switch branch to debian/jessie
* d/patches: Add patches from upstream fixing security vulnerabilities
- refuse to load potentially auto-downloadable .pk3 files as
ioquake3 renderers, ioquake3 game code, libcurl, or OpenAL drivers
(mitigation: auto-downloading is off by default, and in Debian
we do not dlopen libcurl anyway)
- refuse to load default configuration file names from a .pk3 file
- protect cl_renderer, cl_curllib, s_aldriver configuration variables so
game code cannot set them
- refuse to overwrite files other than *.txt with the dump console
command
- refuse to overwrite files other than *.cfg with the writeconfig
console command
(Closes: #857699; CVE-2017-6903)
Checksums-Sha1:
bdd735c15c0f0dfb6cea1a4fc050cd59d90c8418 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.dsc
4d6782c17e106c9a5f3c03872d6d8e75941e2008 1876668 ioquake3_1.36+u20140802+gca9eebb.orig.tar.xz
2cbc3cda14617aaa86bfd7dbfae8ee03927cf8c3 19520 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.debian.tar.xz
e4de5d55625b0c5dfbd4a61a49bf2ed8dc35450f 1465252 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
0664c2d59fcb025f98fb0723142d19f62e76533f 855718 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
f8b1ed5dd6b5a0beea5244de2f87e5662cf9cd79 5094952 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
Checksums-Sha256:
308ca0fe3aa91e2c129db0d8f89e7830e7c9d1a3e77c25d8457240fef6eb0a90 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.dsc
436e83a5754a4a7106d787aba58454f9cc0d99d6476e20e4bd448aa6a025987b 1876668 ioquake3_1.36+u20140802+gca9eebb.orig.tar.xz
879e2e6951e1e221d9da2c1208ff332d3aa866a0dd707492f21d6d4b5cf1ce71 19520 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.debian.tar.xz
c40adcbf4882370b7b08e571d5f28968987252bd3859678d0ebe272ccf3852e9 1465252 ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
2ced31044609186b1f134303cf183e2781b86f761a5f0599fa577258c3340754 855718 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
bcf6cc1843b23a07c87a022e39f51ddbec497edd2411f8eae14e492fe5f5b2b9 5094952 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
Files:
4dd04d5f454ee0e2097d9baadbbdd946 2487 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.dsc
c2c32361212294bc8a6f032f97e06832 1876668 games optional ioquake3_1.36+u20140802+gca9eebb.orig.tar.xz
2f92dc6560e66b9ffbc2f63f4a050ce8 19520 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u1.debian.tar.xz
4fb5f8dadafb1e2819a82bb33d97f3ba 1465252 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
07866243a3e599f500f70dd60e7faab3 855718 games optional ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
0ef15e7a82dce3d3255282c5ea1a31bb 5094952 debug extra ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljIdNAACgkQTej/KmPH
zJD57g//evpyzZJifwB3HE5nnUqro6efoL2+BxMu9rQ2XJrNHScmauLmh509lRlX
f78AHqYouHb1Bij10JgOJgrkpGoTaniB4JTvCyuMw8YuVpcGQMRoW/fn1f2oVXba
HH3Lf5ksHaS+s2V69rPYRqMlTJCZbIIWzUI9civvO/OxmX81wxCeodNeKa/Q321E
6erQ7i3RqQR1g4hTm/a9WPGUeOCXgSyNdkLcxR6QuFj50tHrZYTmpVAmV4BwQdP7
QpA1GYCxFzHpTC7WTBRo46SrwayRYP16tWD0+zWGR8cIimzal/QQhN6UMlXgXNOd
nWac8bvvT06raha271EJk3895yXBlKOkJSQ1kVIdvfGhAmWm4L+071VM5qk0YHM2
zhyFRGD8UYwHDmalvul8vVLPUR1hx9y/kcKVPbGGzZr202peUkjiITQBJe7Ctp8g
H11rLsFNkW6FZBKY7XlQhEpSRWmirC7Y1qS7RRlAFqFAvhWKeZ+w3NKejmle9JTF
RrADHcKurjVLGoT1Zo4SmmIt38EaJUHe0Ooj6T6uEfhEN6scob09Gj1RP6ZAxbt1
PjyP6fqohWBEXOGYAwKlnjVXB7mDik63W1372nb18RuBrFz1Jj3fXaYMnou89MNa
TNEhUuB870Mqh0kINIWq95n0Z56S5OhJeKoikSMoTxy1PyWAsh4=
=QpKT
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-games-devel
mailing list