Bug#978745: Server buffer overflow when reading tailored score log
Markus Koschany
apo at debian.org
Thu Dec 31 12:38:24 GMT 2020
Hi,
Am Donnerstag, den 31.12.2020, 10:36 +0200 schrieb Marko Lindqvist:
> Package: freeciv
> Version: 2.6.2.1-2
> Tags: Security
>
> Freeciv server has a buffer overflow vulnerability, if it reads
> tailored score log file.
> Score log functionality is not enabled by default, and it's rarely enabled.
> Freeciv-2.6.3 to be released later tonight will contain a fix. I'll
> send link to upstream ticket once it is available.
If you consider this bug security relevant, I suggest to request a CVE
identifier from Mitre to inform other vendors about the problem too.
Debian bug #978744 sounds like a remote denial-of-service vulnerability.
Another CVE should be requested for this one.
https://cveform.mitre.org/
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-games-devel/attachments/20201231/07e91228/attachment.sig>
More information about the Pkg-games-devel
mailing list