To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pioneers: Client and server can crash from huge chat buffer
Date: Sat, 28 Jan 2006 06:59:04 +0100
Package: pioneers
Severity: normal
Tags: Pending, Security

When a client sends a huge chat buffer to the server, either the server
will send it to the other clients and make them crash, or it will crash
itself. Because this is also possible for non-playing clients
(viewers), this is a denial of service opportunity.

The problem has been fixed in 0.9.49, which will be uploaded soon. This
report is meant only for archive purposes.

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Reply sent to Bas Wijnen <shevek@fmf.nl>:
You have taken responsibility.
Notification sent to Bas Wijnen <shevek@fmf.nl>:
Bug acknowledged by developer.
Source: pioneers
Source-Version: 0.9.49-1
We believe that the bug you reported is fixed in the latest version of
pioneers, which is due to be installed in the Debian FTP archive:
pioneers-ai_0.9.49-1_i386.deb
to pool/main/p/pioneers/pioneers-ai_0.9.49-1_i386.deb
pioneers-client_0.9.49-1_i386.deb
to pool/main/p/pioneers/pioneers-client_0.9.49-1_i386.deb
pioneers-help_0.9.49-1_all.deb
to pool/main/p/pioneers/pioneers-help_0.9.49-1_all.deb
pioneers-meta-server_0.9.49-1_i386.deb
to pool/main/p/pioneers/pioneers-meta-server_0.9.49-1_i386.deb
pioneers-server-console_0.9.49-1_i386.deb
to pool/main/p/pioneers/pioneers-server-console_0.9.49-1_i386.deb
pioneers-server-data_0.9.49-1_all.deb
to pool/main/p/pioneers/pioneers-server-data_0.9.49-1_all.deb
pioneers-server-gtk_0.9.49-1_i386.deb
to pool/main/p/pioneers/pioneers-server-gtk_0.9.49-1_i386.deb
pioneers_0.9.49-1.diff.gz
to pool/main/p/pioneers/pioneers_0.9.49-1.diff.gz
pioneers_0.9.49-1.dsc
to pool/main/p/pioneers/pioneers_0.9.49-1.dsc
pioneers_0.9.49.orig.tar.gz
to pool/main/p/pioneers/pioneers_0.9.49.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 350237@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Wijnen <shevek@fmf.nl> (supplier of updated pioneers package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Jan 2006 7:08:45 +0100
Source: pioneers
Binary: pioneers-server-gtk pioneers-ai pioneers-meta-server pioneers-server-data pioneers-help pioneers-client pioneers-server-console
Architecture: source all i386
Version: 0.9.49-1
Distribution: unstable
Urgency: high
Maintainer: Debian Games Group <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Bas Wijnen <shevek@fmf.nl>
Description:
pioneers-ai - computer version of the settlers of Catan boardgame - AI player
pioneers-client - computer version of the settlers of Catan boardgame - client
pioneers-help - Online help for the Pioneers client
pioneers-meta-server - computer version of the settlers of Catan boardgame - meta server
pioneers-server-console - computer version of the settlers of Catan boardgame - console ser
pioneers-server-data - Data required by the Pioneers server
pioneers-server-gtk - computer version of the settlers of Catan boardgame - gtk server
Closes: 346472 347214 350237
Changes:
pioneers (0.9.49-1) unstable; urgency=high
.
* Moved maintenance address to Debian games team.
* New upstream url in copyright file. (Closes: #346472)
* New location for desktop files.
* Extra icons and descriptions for menus.
* Close denial of service hole. (Closes: #350237)
* Upstream CVS snapshot release. (Closes: #347214)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD3xhnazfo3TSzaFYRAtCKAJ4nPb9vjTyi4uFM4b2717UW3Rcr7ACfT9I+
/OZzoYQkehIeATDGH1wB9+s=
=R856
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 06:16:19 GMT).