Debian Bug report logs - #357645
teg: [CAN-2006-1150] Remote DOS vulnerability

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Justin Pryzby <justinpryzby@users.sourceforge.net>

To: Debian BTS Submission <submit@bugs.debian.org>

Subject: teg: Remote DoS vulnerability

Date: Sat, 18 Mar 2006 13:45:41 -0500

[Message part 1 (text/plain, inline)]

Package: teg
Severity: important
Tags: fixed-upstream upstream patch

The upstream patch is attached; I retrieved it with:
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg login
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg co .
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg log |less
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg diff -u -D '2006/03/16 21:59:34' -D 2006/03/15 teg/server/player.c

Debian patch will follow..

I don't know if this warrents a security upload, but I cc: them
anyway; this patch should also apply to sarge (player.c).

BTW, upstream authors, you should fix your copyright notice;
"copyright: gpl" doesn't make sense; the gpl is a license and not a
copyright holder.

----- Forwarded message from Davide Puricelli <dpuricelli@tin.it> -----

X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on 
	webmin.steelfarms.net
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham 
	version=3.1.0
Old-Return-Path: <dpuricelli@tin.it>
From: Davide Puricelli <dpuricelli@tin.it>
To: Wolfgang Morawetz <wolfgang.morawetz@gmx.at>
Cc: packages@qa.debian.org
Subject: Re: Remote DoS vulnerability in TEG
X-Operating-System: Linux gladstone.duckburg.org 2.6.15.4-gladstone1 
X-Rc-Virus: 2005-11-10_01
X-Rc-Spam: 2006-03-13_01
Resent-Message-ID: <iNPUZD.A.gtC.6SEHEB@murphy>
Resent-From: debian-qa-packages@lists.debian.org
X-Mailing-List: <debian-qa-packages@lists.debian.org> archive/latest/12390
List-Id: <debian-qa-packages.lists.debian.org>
List-Post: <mailto:debian-qa-packages@lists.debian.org>
List-Help: <mailto:debian-qa-packages-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=unsubscribe>
Resent-Sender: debian-qa-packages-request@lists.debian.org
Resent-Date: Sat, 18 Mar 2006 11:34:51 -0600 (CST)

On Fri, Mar 17, 2006 at 02:57:17PM +0100, Wolfgang Morawetz wrote:
> Hi,
> i will inform you about a remote DOS vulnerability in TEG
> The fix is in CVS.

Hi, I orphaned the teg package some months ago, therefore I'm forwarding
your email to our Quality Assurance group, thanks anyway!

Regards,
-- 
Davide Puricelli, dpuricelli@tin.it
Debian Developer: evo@debian.org | http://www.debian.org

Time looked like snow dropping silently into a black room -- Ray Bradbury



----- End forwarded message -----

[teg-diff (text/plain, attachment)]

Message #10 received at 357645@bugs.debian.org (full text, mbox, reply):

From: Justin Pryzby <justinpryzby@users.sourceforge.net>

To: 357645@bugs.debian.org

Cc: control@bugs.debian.org

Subject: debian patch

Date: Sat, 18 Mar 2006 13:54:29 -0500

[Message part 1 (text/plain, inline)]

tag 357645 security
thanks

Interdiff patch now attached; somebody please help yourselves to the
upload.

[teg-diff-CAN-2006-1150-debian (text/plain, attachment)]

Message #17 received at 357645@bugs.debian.org (full text, mbox, reply):

From: Justin Pryzby <justinpryzby@users.sourceforge.net>

To: 357645@bugs.debian.org

Subject: Re: debian patch

Date: Sat, 18 Mar 2006 14:45:27 -0500

[Message part 1 (text/plain, inline)]

On Sat, Mar 18, 2006 at 01:54:29PM -0500, pryzbyj wrote:
> tag 357645 security
> thanks
> 
> Interdiff patch now attached; somebody please help yourselves to the
> upload.
A revised patch with some enhancements

[teg-diff-CAN-2006-1150-debian (text/plain, attachment)]

Message #24 received at 357645@bugs.debian.org (full text, mbox, reply):

From: Gonéri Le Bouder <goneri@rulezlan.org>

To: 357645@bugs.debian.org

Subject: Re: debian patch

Date: Sat, 27 May 2006 00:12:26 +0200

[Message part 1 (text/plain, inline)]

I have adpoted teg and imported it in pkg-games svn.
i'm preparing an upload with your patch.

Regards,

	Gonéri

[Message part 2 (application/pgp-signature, inline)]

Message #29 received at 357645-close@bugs.debian.org (full text, mbox, reply):

From: Gonéri Le Bouder <goneri@rulezlan.org>

To: 357645-close@bugs.debian.org

Subject: Bug#357645: fixed in teg 0.11.1-3

Date: Wed, 12 Jul 2006 14:32:10 -0700

Source: teg
Source-Version: 0.11.1-3

We believe that the bug you reported is fixed in the latest version of
teg, which is due to be installed in the Debian FTP archive:

teg_0.11.1-3.diff.gz
  to pool/main/t/teg/teg_0.11.1-3.diff.gz
teg_0.11.1-3.dsc
  to pool/main/t/teg/teg_0.11.1-3.dsc
teg_0.11.1-3_powerpc.deb
  to pool/main/t/teg/teg_0.11.1-3_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 357645@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gonéri Le Bouder <goneri@rulezlan.org> (supplier of updated teg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 26 May 2006 23:15:47 +0200
Source: teg
Binary: teg
Architecture: source powerpc
Version: 0.11.1-3
Distribution: unstable
Urgency: high
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Gonéri Le Bouder <goneri@rulezlan.org>
Description: 
 teg        - Turn based strategy game
Closes: 322103 357645
Changes: 
 teg (0.11.1-3) unstable; urgency=high
 .
   [ Gonéri Le Bouder ]
   * New maintainer, closes: #322103.
   * switch to simple-patchsys
   * compat 5
   * Standards-Version: 3.7.2
   * set Maintainer to Debian Games Team
   * add myself in uploader
   * change section to games
   * add cdbs in Build-Depends:
   * debhelper 5.0.0
   * change icon location to /usr/share/pixmaps/teg.xpm
   * update rules file
   * data are installed in /usr/share/games/teg
   * watch file
 .
   [ Justin Pryzby ]
   * Manually apply the changes made upstream to address remote DoS
     patch teg-diff-CAN-2006-1150-debian
     [CAN-2006-1150]; Closes: #357645.
   * update copyright file
   * Drop the README, which mostly duplicated the description
   * add a homepage pseudofield in the Description entry
Files: 
 82f63bbab4252b5e10a0d45eea94b45e 1002 games optional teg_0.11.1-3.dsc
 071d6dab84f29dd711c2b7bdf67f2972 6146 games optional teg_0.11.1-3.diff.gz
 8201436bc0ae1c8f1b9b38aa42b51fdb 3317696 games optional teg_0.11.1-3_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEtWU/Bxd04ADYzRYRAjB1AKCDiy8eIrf2XW0GMvJ5OEbY5BTELwCfRmS7
cB2nrRxyXLliC2GNKGNX8og=
=bc0W
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.