Debian Bug report logs - #381378
CVE-2006-3913: arbitrary code execution in freeciv

version graph

Package: freeciv; Maintainer for freeciv is Debian Games Team <pkg-games-devel@lists.alioth.debian.org>;

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Thu, 3 Aug 2006 23:18:13 UTC

Severity: grave

Tags: fixed, patch, security

Fixed in version freeciv/2.0.8-3

Done: Jordi Mallach <jordi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#381378; Package freeciv. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-3913: arbitrary code execution in freeciv
Date: Fri, 04 Aug 2006 00:28:51 +0200
Package: freeciv
Severity: grave
Tags: security
Justification: user security hole

CVE-2006-3913:
"Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c,
and (3) a large packet->length value in the handle_unit_orders
function in server/unithand.c."

Please mention the CVE-id in the changelog.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#381378; Package freeciv. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 381378@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Stefan Fritsch <sf@sfritsch.de>
Cc: Debian Bug Tracking System <381378@bugs.debian.org>
Subject: Re: Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv
Date: Fri, 4 Aug 2006 06:58:24 +0200
[Message part 1 (text/plain, inline)]
Stefan Fritsch wrote:
> Package: freeciv
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> CVE-2006-3913:
> "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
> 2006 and earlier, allows remote attackers to cause a denial of service
> (crash) and possibly execute arbitrary code via a (1) negative
> chunk_length or a (2) large chunk->offset value in a
> PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
> generic_handle_player_attribute_chunk function in common/packets.c,
> and (3) a large packet->length value in the handle_unit_orders
> function in server/unithand.c."
> 
> Please mention the CVE-id in the changelog.

Attached please find the patch sent to the maintainer already.

Regards,

	Joey


-- 
In the beginning was the word, and the word was content-type: text/plain

Please always Cc to me when replying to me on the lists.
[patch.CVE-2006-3913.freeciv (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#381378; Package freeciv. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 381378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 381378@bugs.debian.org
Subject: Re: CVE-2006-3913: arbitrary code execution in freeciv
Date: Wed, 16 Aug 2006 19:31:38 -0700
tags 381378 patch
thanks

Hi guys,

I've prepared a 0-day NMU for this security bug in freeciv, applying the
relevant bits of the patch Joey sent to the bug report.  Please find the
full NMU diff attached.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Tags added: patch Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#381378; Package freeciv. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #22 received at 381378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 381378@bugs.debian.org
Subject: Re: CVE-2006-3913: arbitrary code execution in freeciv
Date: Wed, 16 Aug 2006 19:32:34 -0700
[Message part 1 (text/plain, inline)]
On Wed, Aug 16, 2006 at 07:31:38PM -0700, Steve Langasek wrote:
> tags 381378 patch
> thanks

> Hi guys,

> I've prepared a 0-day NMU for this security bug in freeciv, applying the
> relevant bits of the patch Joey sent to the bug report.  Please find the
> full NMU diff attached.

Made you look!

Now try to find the full NMU diff attached /here/.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
[freeciv-381378.diff (text/plain, attachment)]

Tags added: fixed Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Jordi Mallach <jordi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #29 received at 381378-close@bugs.debian.org (full text, mbox):

From: Jordi Mallach <jordi@debian.org>
To: 381378-close@bugs.debian.org
Subject: Bug#381378: fixed in freeciv 2.0.8-3
Date: Fri, 18 Aug 2006 21:17:17 -0700
Source: freeciv
Source-Version: 2.0.8-3

We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:

freeciv-client-gtk_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-3_sparc.deb
freeciv-client-xaw3d_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-3_sparc.deb
freeciv-data_2.0.8-3_all.deb
  to pool/main/f/freeciv/freeciv-data_2.0.8-3_all.deb
freeciv-server_2.0.8-3_sparc.deb
  to pool/main/f/freeciv/freeciv-server_2.0.8-3_sparc.deb
freeciv_2.0.8-3.diff.gz
  to pool/main/f/freeciv/freeciv_2.0.8-3.diff.gz
freeciv_2.0.8-3.dsc
  to pool/main/f/freeciv/freeciv_2.0.8-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 381378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 18 Aug 2006 11:55:47 +0200
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all sparc
Version: 2.0.8-3
Distribution: unstable
Urgency: high
Maintainer: Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
 freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
 freeciv-data - Civilization turn based strategy game (game data)
 freeciv-server - Civilization turn based strategy game (server files)
Closes: 381378
Changes: 
 freeciv (2.0.8-3) unstable; urgency=high
 .
   * Ack vorlon's NMU. Thanks! Closes: #381378.
   * Add common/packets.c bits to CVE-2006-3913 from freeciv's SVN
     repository.
Files: 
 cb507b9edf490ca9860c77cc829c5ba3 1031 games optional freeciv_2.0.8-3.dsc
 7086d340b57c9915fe67933382015d6c 47681 games optional freeciv_2.0.8-3.diff.gz
 85946267fc421767586e6380f9e472fe 3911132 games optional freeciv-data_2.0.8-3_all.deb
 de58ee632cc4374b933e366feebbcb9c 428776 games optional freeciv-server_2.0.8-3_sparc.deb
 c9ea0e5d9ba02155272f639042e3fc0d 366996 games optional freeciv-client-xaw3d_2.0.8-3_sparc.deb
 a5c92649b107d0362861d5955fde045b 392856 games optional freeciv-client-gtk_2.0.8-3_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Debian!

iD8DBQFE5o7c5m0u66uWM3ARAj0rAJsEfljMvGCGOYiF69c4oAyCeX4tyACdGa3o
LMV1xKVjXMh2AtN1OvNHq+E=
=Ayfh
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 16:32:27 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 02:03:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.