Debian Bug report logs - #350237
pioneers: Client and server can crash from huge chat buffer

version graph

Package: pioneers; Maintainer for pioneers is Roland Clobus <rclobus@rclobus.nl>; Source for pioneers is src:pioneers.

Reported by: Bas Wijnen <shevek@fmf.nl>

Date: Sat, 28 Jan 2006 06:03:01 UTC

Severity: normal

Tags: security

Fixed in version pioneers/0.9.49-1

Done: Bas Wijnen <shevek@fmf.nl>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org:
Bug#350237; Package pioneers. Full text and rfc822 format available.

Acknowledgement sent to Bas Wijnen <shevek@fmf.nl>:
New Bug report received and forwarded. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bas Wijnen <shevek@fmf.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pioneers: Client and server can crash from huge chat buffer
Date: Sat, 28 Jan 2006 06:59:04 +0100
Package: pioneers
Severity: normal
Tags: Pending, Security

When a client sends a huge chat buffer to the server, either the server
will send it to the other clients and make them crash, or it will crash
itself.  Because this is also possible for non-playing clients
(viewers), this is a denial of service opportunity.

The problem has been fixed in 0.9.49, which will be uploaded soon.  This
report is meant only for archive purposes.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)



Reply sent to Bas Wijnen <shevek@fmf.nl>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bas Wijnen <shevek@fmf.nl>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 350237-close@bugs.debian.org (full text, mbox):

From: Bas Wijnen <shevek@fmf.nl>
To: 350237-close@bugs.debian.org
Subject: Bug#350237: fixed in pioneers 0.9.49-1
Date: Tue, 31 Jan 2006 00:17:09 -0800
Source: pioneers
Source-Version: 0.9.49-1

We believe that the bug you reported is fixed in the latest version of
pioneers, which is due to be installed in the Debian FTP archive:

pioneers-ai_0.9.49-1_i386.deb
  to pool/main/p/pioneers/pioneers-ai_0.9.49-1_i386.deb
pioneers-client_0.9.49-1_i386.deb
  to pool/main/p/pioneers/pioneers-client_0.9.49-1_i386.deb
pioneers-help_0.9.49-1_all.deb
  to pool/main/p/pioneers/pioneers-help_0.9.49-1_all.deb
pioneers-meta-server_0.9.49-1_i386.deb
  to pool/main/p/pioneers/pioneers-meta-server_0.9.49-1_i386.deb
pioneers-server-console_0.9.49-1_i386.deb
  to pool/main/p/pioneers/pioneers-server-console_0.9.49-1_i386.deb
pioneers-server-data_0.9.49-1_all.deb
  to pool/main/p/pioneers/pioneers-server-data_0.9.49-1_all.deb
pioneers-server-gtk_0.9.49-1_i386.deb
  to pool/main/p/pioneers/pioneers-server-gtk_0.9.49-1_i386.deb
pioneers_0.9.49-1.diff.gz
  to pool/main/p/pioneers/pioneers_0.9.49-1.diff.gz
pioneers_0.9.49-1.dsc
  to pool/main/p/pioneers/pioneers_0.9.49-1.dsc
pioneers_0.9.49.orig.tar.gz
  to pool/main/p/pioneers/pioneers_0.9.49.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 350237@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Wijnen <shevek@fmf.nl> (supplier of updated pioneers package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 28 Jan 2006  7:08:45 +0100
Source: pioneers
Binary: pioneers-server-gtk pioneers-ai pioneers-meta-server pioneers-server-data pioneers-help pioneers-client pioneers-server-console
Architecture: source all i386
Version: 0.9.49-1
Distribution: unstable
Urgency: high
Maintainer: Debian Games Group <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Bas Wijnen <shevek@fmf.nl>
Description: 
 pioneers-ai - computer version of the settlers of Catan boardgame - AI player
 pioneers-client - computer version of the settlers of Catan boardgame - client
 pioneers-help - Online help for the Pioneers client
 pioneers-meta-server - computer version of the settlers of Catan boardgame - meta server
 pioneers-server-console - computer version of the settlers of Catan boardgame - console ser
 pioneers-server-data - Data required by the Pioneers server
 pioneers-server-gtk - computer version of the settlers of Catan boardgame - gtk server
Closes: 346472 347214 350237
Changes: 
 pioneers (0.9.49-1) unstable; urgency=high
 .
   * Moved maintainance address to Debian games team.
   * New upstream url in copyright file. (Closes: #346472)
   * New location for desktop files.
   * Extra icons and descriptions for menus.
   * Close denial of service hole. (Closes: #350237)
   * Upstream CVS snapshot release. (Closes: #347214)
Files: 
 d153bfd9bf629d8aa43c9a3d9bcf4f2d 925 games optional pioneers_0.9.49-1.dsc
 48438a6ef8783c86bfef51e3e23b393f 2277004 games optional pioneers_0.9.49.orig.tar.gz
 da1addb82b366942182c9c5cd8965d6b 6161 games optional pioneers_0.9.49-1.diff.gz
 3ab05dcfff339abd52f3bce426bab877 59398 games optional pioneers-server-data_0.9.49-1_all.deb
 95f1d3330c5a79f837ff3e6d403945e0 451668 games optional pioneers-help_0.9.49-1_all.deb
 1bff292cc43840719740259813bae3ee 1193428 games optional pioneers-client_0.9.49-1_i386.deb
 d0923771599f2da78b3d9619a30a5390 93230 games optional pioneers-server-console_0.9.49-1_i386.deb
 f46da0322fa0528f8efd6d3230cdccfb 125484 games optional pioneers-server-gtk_0.9.49-1_i386.deb
 9fa8b6c6f53a656f8910c45ff5dc9c34 65520 games optional pioneers-meta-server_0.9.49-1_i386.deb
 704ee1022c987507c2d6c61565a6dba4 99228 games optional pioneers-ai_0.9.49-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD3xhnazfo3TSzaFYRAtCKAJ4nPb9vjTyi4uFM4b2717UW3Rcr7ACfT9I+
/OZzoYQkehIeATDGH1wB9+s=
=R856
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 06:16:19 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 09:09:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.