Accepted tintin++ 1.97.9-2 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 10 Mar 2008 18:09:24 +0100
Source: tintin++
Binary: tintin++
Architecture: source amd64
Version: 1.97.9-2
Distribution: unstable
Urgency: high
Maintainer: Ana Beatriz Guerrero Lopez <ana@debian.org>
Changed-By: Ana Beatriz Guerrero Lopez <ana@debian.org>
Description:
tintin++ - classic text-based MUD client
Closes: 465643
Changes:
tintin++ (1.97.9-2) unstable; urgency=high
.
* Add secutity.patch fixing the following security bugs:
- CVE-2008-0671:
Stack-based buffer overflow in the add_line_buffer function allows
remote attackers to execute arbitrary code via a long chat message,
related to conversion from LF to CRLF.
- CVE-2008-0672:
The process_chat_input function allows remote attackers to cause a
denial of service (application crash) via a YES message without a newline
character, which triggers a NULL dereference.
- CVE-2008-0673:
TinTin++ open files on the basis of an inbound file-transfer request, before
the user has an opportunity to decline the request, which allows remote
attackers to truncate arbitrary files in the top level of a home directory.
(Closes: #465643)
.
* Add quilt support for patching.
Files:
70e495765e3b8ee7113f7861135f4212 701 games optional tintin++_1.97.9-2.dsc
84c076763b3f554e0d7dbfce30f77a85 6044 games optional tintin++_1.97.9-2.diff.gz
00b06180069dbc6fc5e286cca97b5a9c 140278 games optional tintin++_1.97.9-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFH1XWwn3j4POjENGERAs3jAJ9dHITv/53lwUFyPjUiOsqy+5ak2ACbB0vl
7ayyPfqgnI9eJHpZ/5lTfh8=
=zYtK
-----END PGP SIGNATURE-----
Accepted:
tintin++_1.97.9-2.diff.gz
to pool/main/t/tintin++/tintin++_1.97.9-2.diff.gz
tintin++_1.97.9-2.dsc
to pool/main/t/tintin++/tintin++_1.97.9-2.dsc
tintin++_1.97.9-2_amd64.deb
to pool/main/t/tintin++/tintin++_1.97.9-2_amd64.deb
Reply to: