
Accepted tremulous 1.1.0-7~squeeze1 (source i386 all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Mar 2012 13:53:09 +0100
Source: tremulous
Binary: tremulous tremulous-server tremulous-doc
Architecture: source i386 all
Version: 1.1.0-7~squeeze1
Distribution: stable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description: 
 tremulous  - Aliens vs Humans, team based FPS game with elements of an RTS
 tremulous-doc - Tremulous documentation
 tremulous-server - Tremulous server
Closes: 660827 660830 660831 660832 660834 660836
Changes: 
 tremulous (1.1.0-7~squeeze1) stable; urgency=low
 .
   * Stable update (#663104), incorporating security fixes from unstable
   * Fix an incorrect bug number in revision -6
 .
 tremulous (1.1.0-7) unstable; urgency=medium
 .
   * Add a lintian override for embedded-library libjpeg (#589407) to avoid
     auto-rejection. It is a valid bug, but is not a regression, and fixing
     several long-standing security vulnerabilities seems more important
     than getting rid of an embedded library that is not known to be
     exploitable.
 .
 tremulous (1.1.0-6) unstable; urgency=medium
 .
   * Backport patches from ioquake3 to fix long-standing security bugs:
     - CVE-2006-2082: arbitrary file download from server by a malicious client
       (Closes: #660831)
     - CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking on
       COM_StripExtension, exploitable in clients of a malicious server
       (Closes: #660827)
     - CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
       malicious server (Closes: #660830)
     - CVE-2006-3324: arbitrary file overwriting in clients of a malicious
       server (Closes: #660832)
     - CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
       code execution) in clients of a malicious server (Closes: #660834)
     - CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
       code execution) in clients of a malicious server if auto-downloading
       is enabled (Closes: #660836)
   * As a precaution, disable auto-downloading
   * Backport ioquake3 r1141 to fix a potential buffer overflow in error
     handling (not known to be exploitable, but it can't hurt)
   * Add gcc attributes to all printf- and scanf-like functions, and
     fix non-literal format strings (again, none are known to be exploitable)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


Accepted:
tremulous-doc_1.1.0-7~squeeze1_all.deb
  to contrib/t/tremulous/tremulous-doc_1.1.0-7~squeeze1_all.deb
tremulous-server_1.1.0-7~squeeze1_i386.deb
  to contrib/t/tremulous/tremulous-server_1.1.0-7~squeeze1_i386.deb
tremulous_1.1.0-7~squeeze1.debian.tar.gz
  to contrib/t/tremulous/tremulous_1.1.0-7~squeeze1.debian.tar.gz
tremulous_1.1.0-7~squeeze1.dsc
  to contrib/t/tremulous/tremulous_1.1.0-7~squeeze1.dsc
tremulous_1.1.0-7~squeeze1_i386.deb
  to contrib/t/tremulous/tremulous_1.1.0-7~squeeze1_i386.deb

