
Re: Security unfreezes/priority bumps



In gmane.linux.debian.devel.release, Luk wrote:
>> libarchive - unfreeze
>> 	1.2.53-2 to 1.3.1-1
>> 	CVE-2006-5680 - DoS (CPU consumption)
>
> Not important according to tracker and too big diff...

Indeed, this is hardly a security problem.

>> nexuiz - unfreeze/bump
>> 	2.1-1 to 2.2.1-1
>> 	CVE-2006-6609 - DoS
>> 	CVE-2006-6610 - remote console command injection
>> nexuiz-data - unfreeze/bump
>> 	2.1-1 to 2.2.1-1
>> 	Same issues as above
>
> Too big diff IMHO, so I'm not unblocking these...

Upstream changelog reads:
- fixed clientcommands remote console command injection
- fixed fake players DoS

Can one of the maintainers please get in contact with upstream
for details? Does the former changelog entry refer to shell
commands or commands executed in an in-game console as the
one used in Quake?

Cheers,
        Moritz


