Debian Bug report logs - #318329
netpanzer: DoS through endless loop

Package: netpanzer; Maintainer for netpanzer is Debian Games Team <pkg-games-devel@lists.alioth.debian.org>; Source for netpanzer is src:netpanzer.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 14 Jul 2005 19:18:02 UTC

Severity: important

Tags: sarge, security

Found in version netpanzer/0.8-1

Fixed in version netpanzer/0.8+svn20060319-1

Done: Gonéri Le Bouder <goneri@rulezlan.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Bartosz Fenski <fenio@debian.org>:
Bug#318329; Package netpanzer.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Bartosz Fenski <fenio@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: netpanzer: DoS through endless loop
Date: Thu, 14 Jul 2005 21:01:18 +0200
Package: netpanzer
Severity: important
Tags: security

There's a DoS vulnerability against netpanzer servers, as they
can be triggered into an endless loop through crafted packages.
It's supposed to be fixed in current SVN. Please see 
http://aluigi.altervista.org/adv/panzone-adv.txt
for more information and a proof of concept.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Bartosz Fenski <fenio@debian.org>:
Bug#318329; Package netpanzer.


Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to Bartosz Fenski <fenio@debian.org>.


Message #10 received at 318329@bugs.debian.org:

From: Joey Hess <joeyh@debian.org>
To: 318329@bugs.debian.org
Subject: CVE assignment
Date: Sat, 30 Jul 2005 00:19:18 -0400
This hole has been assigned CAN-2005-2295. Please mention that in the
changelog when fixing it.

-- 
see shy jo

Reply sent to Gonéri Le Bouder <goneri@rulezlan.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.


Message #15 received at 318329-close@bugs.debian.org:

From: Gonéri Le Bouder <goneri@rulezlan.org>
To: 318329-close@bugs.debian.org
Subject: Bug#318329: fixed in netpanzer 0.8+svn20060319-1
Date: Tue, 21 Mar 2006 11:17:12 -0800
Source: netpanzer
Source-Version: 0.8+svn20060319-1

We believe that the bug you reported is fixed in the latest version of
netpanzer, which is due to be installed in the Debian FTP archive:

netpanzer_0.8+svn20060319-1.diff.gz
  to pool/main/n/netpanzer/netpanzer_0.8+svn20060319-1.diff.gz
netpanzer_0.8+svn20060319-1.dsc
  to pool/main/n/netpanzer/netpanzer_0.8+svn20060319-1.dsc
netpanzer_0.8+svn20060319-1_i386.deb
  to pool/main/n/netpanzer/netpanzer_0.8+svn20060319-1_i386.deb
netpanzer_0.8+svn20060319.orig.tar.gz
  to pool/main/n/netpanzer/netpanzer_0.8+svn20060319.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 318329@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gonéri Le Bouder <goneri@rulezlan.org> (supplier of updated netpanzer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 19 Mar 2006 18:54:02 +0100
Source: netpanzer
Binary: netpanzer
Architecture: source i386
Version: 0.8+svn20060319-1
Distribution: unstable
Urgency: low
Maintainer: Alioth Games Devel Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Gonéri Le Bouder <goneri@rulezlan.org>
Description: 
 netpanzer  - online multiplayer tactical warfare game
Closes: 318329 355739
Changes: 
 netpanzer (0.8+svn20060319-1) unstable; urgency=low
 .
   * New SVN snapshot.
   * Fix security issue against server CAN-2005-2295 (Closes: #318329)
   * Fix FTBFS with g++ 4.1 (Closes: #355739)
   * New maintainer: Debian pkg-games group
Files: 
 09f23b013c8cb36ff492d42733679aac 793 games optional netpanzer_0.8+svn20060319-1.dsc
 322c857a53e855d2d01d57cf776f0075 473689 games optional netpanzer_0.8+svn20060319.orig.tar.gz
 7ae71ce3f81885c611adad12f05843d0 4644 games optional netpanzer_0.8+svn20060319-1.diff.gz
 8f7a69e01c363535f17165d6773820e5 422256 games optional netpanzer_0.8+svn20060319-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIExrBxd04ADYzRYRAgEpAJ4oQhMHpkxIa1HuWLfcFvVZyBHoRACdHlHJ
97L+osCJwTtFt5BVbRB6f48=
=dm22
-----END PGP SIGNATURE-----




Bug marked as found in version 0.8-1. Request was from "Eddy Petrişor" <eddy.petrisor@gmail.com> to control@bugs.debian.org.


Tags added: sarge Request was from "Eddy Petrişor" <eddy.petrisor@gmail.com> to control@bugs.debian.org.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 01:22:05 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Jul 15 22:16:35 2024; Machine Name: bembo
