Bug#770724: unblock: teeworlds/0.6.2+dfsg-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package teeworlds
This upload fixes a remote DoS vulnerability in teeworlds-server.
See https://security-tracker.debian.org/tracker/source-package/teeworlds
debdiff:
diff -Nru teeworlds-0.6.2+dfsg/debian/changelog teeworlds-0.6.2+dfsg/debian/changelog
--- teeworlds-0.6.2+dfsg/debian/changelog 2013-05-05 09:49:38.000000000 +0200
+++ teeworlds-0.6.2+dfsg/debian/changelog 2014-11-23 16:46:40.000000000 +0100
@@ -1,3 +1,10 @@
+teeworlds (0.6.2+dfsg-2) unstable; urgency=high
+
+ * Fix a server crash that is remotely exploitable. (Closes: #770514)
+ - Add fixed_a_server_crash.patch, cherry picked from 0.6.3.
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 23 Nov 2014 16:45:28 +0100
+
teeworlds (0.6.2+dfsg-1) unstable; urgency=low
* New upstream release.
diff -Nru teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch
--- teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch 1970-01-01 01:00:00.000000000 +0100
+++ teeworlds-0.6.2+dfsg/debian/patches/fixed_a_server_crash.patch 2014-11-23 16:45:06.000000000 +0100
@@ -0,0 +1,24 @@
+From a766cb44bcffcdb0b88e776d01c5ee1323d44f85 Mon Sep 17 00:00:00 2001
+From: oy <Tom_Adams@web.de>
+Date: Thu, 20 Nov 2014 18:13:54 +0100
+Subject: [PATCH] fixed a server crash
+
+---
+ src/engine/server/server.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp
+index 581c7e6..ab0f312 100644
+--- a/src/engine/server/server.cpp
++++ b/src/engine/server/server.cpp
+@@ -845,8 +845,8 @@ void CServer::ProcessClientPacket(CNetChunk *pPacket)
+ return;
+
+ int Chunk = Unpacker.GetInt();
+- int ChunkSize = 1024-128;
+- int Offset = Chunk * ChunkSize;
++ unsigned int ChunkSize = 1024-128;
++ unsigned int Offset = Chunk * ChunkSize;
+ int Last = 0;
+
+ // drop faulty map data requests
diff -Nru teeworlds-0.6.2+dfsg/debian/patches/series teeworlds-0.6.2+dfsg/debian/patches/series
--- teeworlds-0.6.2+dfsg/debian/patches/series 2013-05-04 14:50:02.000000000 +0200
+++ teeworlds-0.6.2+dfsg/debian/patches/series 2014-11-23 16:45:25.000000000 +0100
@@ -2,3 +2,4 @@
new-wavpack.patch
set-data-dir.patch
pass-build-flags.patch
+fixed_a_server_crash.patch
unblock teeworlds/0.6.2+dfsg-2
Reply to: