Package: pioneers
Version: 0.11.2-2
Severity: normal
Tags: security, fixed-upstream, patch
By sending special codes to the pioneers server, it can be made to
crash. The game that was in progress is lost when this happens.
It is not possible to execute code using this bug.
The patch for this problem is here:
http://sourceforge.net/tracker/index.php?func=detail&aid=1791176&group_id=5095&atid=305095
It is already applied in the new upstream release, 0.11.3, which I shall
package soon.
Security team: please let me know if I can/should do anything to get
this patch into stable. I think it should apply directly to the stable
package without problems (but I didn't test that yet).
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
Source: pioneers
Source-Version: 0.11.3-1
We believe that the bug you reported is fixed in the latest version of
pioneers, which is due to be installed in the Debian FTP archive:
pioneers-console-data_0.11.3-1_all.deb
to pool/main/p/pioneers/pioneers-console-data_0.11.3-1_all.deb
pioneers-console_0.11.3-1_i386.deb
to pool/main/p/pioneers/pioneers-console_0.11.3-1_i386.deb
pioneers-data_0.11.3-1_all.deb
to pool/main/p/pioneers/pioneers-data_0.11.3-1_all.deb
pioneers_0.11.3-1.diff.gz
to pool/main/p/pioneers/pioneers_0.11.3-1.diff.gz
pioneers_0.11.3-1.dsc
to pool/main/p/pioneers/pioneers_0.11.3-1.dsc
pioneers_0.11.3-1_i386.deb
to pool/main/p/pioneers/pioneers_0.11.3-1_i386.deb
pioneers_0.11.3.orig.tar.gz
to pool/main/p/pioneers/pioneers_0.11.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 449541@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Wijnen <wijnen@debian.org> (supplier of updated pioneers package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 12 Nov 2007 08:23:14 +0100
Source: pioneers
Binary: pioneers-data pioneers-console pioneers-console-data pioneers
Architecture: source all i386
Version: 0.11.3-1
Distribution: unstable
Urgency: low
Maintainer: Bas Wijnen <wijnen@debian.org>
Changed-By: Bas Wijnen <wijnen@debian.org>
Description:
pioneers - the Settlers of Catan board game
pioneers-console - the Settlers of Catan board game - console parts
pioneers-console-data - the Settlers of Catan board game - data files
pioneers-data - the Settlers of Catan board game - data files
Closes: 447379449541
Changes:
pioneers (0.11.3-1) unstable; urgency=low
.
* New upstream security release (Closes: #449541).
* Fix bashism in init script (Closes: #447379).
Files:
dbc444a3b1cb56305e401fdc1544260c 1004 games optional pioneers_0.11.3-1.dsc
b9184fb30f3fb04d3d010628a2a12b52 2834584 games optional pioneers_0.11.3.orig.tar.gz
db4e118872cb2e0680dfc634fda359c0 11449 games optional pioneers_0.11.3-1.diff.gz
2e925fe0d941d2b65a5587b1c5fa1cb7 1803344 games optional pioneers-data_0.11.3-1_all.deb
8124dc40cdf204676b64b3bd539d4550 235414 games optional pioneers-console-data_0.11.3-1_all.deb
d3a2227f198e4c2d985d59f584b39740 312930 games optional pioneers_0.11.3-1_i386.deb
97bf054c92672aa800e2b61a0ca82b22 190148 games optional pioneers-console_0.11.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHOAeCFShl+2J8z5URAryrAJ0RQB9IISh9q83Y2GGnp4L0rRWTUwCcDoS4
doJ3cg4JrwP8Dd98jVXGVnM=
=h7tp
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Bas Wijnen <wijnen@debian.org>: Bug#449541; Package pioneers.
(full text, mbox, link).
Acknowledgement sent to Bas Wijnen <shevek@fmf.nl>:
Extra info received and forwarded to list. Copy sent to Bas Wijnen <wijnen@debian.org>.
(full text, mbox, link).
found 449541 0.11.3-1
thanks
A bug which caused a segmentation fault was fixed, however it is still
possible to crash the server remotely, this time by triggering an
assert. Therefore I am reopening this bug.
Thanks,
Bas
On Mon, Nov 12, 2007 at 08:45:10AM +0000, Debian Bug Tracking System wrote:
> * New upstream security release (Closes: #449541).
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
Bug marked as found in version 0.11.3-1 and reopened.
Request was from Bas Wijnen <shevek@fmf.nl>
to control@bugs.debian.org.
(Mon, 12 Nov 2007 09:24:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Bas Wijnen <wijnen@debian.org>: Bug#449541; Package pioneers.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Bas Wijnen <wijnen@debian.org>.
(full text, mbox, link).
Changed Bug title to `CVE-2007-5933 remote denial of service' from `pioneers: server can be made to crash remotely'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 15 Nov 2007 11:57:02 GMT) (full text, mbox, link).
Changed Bug title to `CVE-2007-5933 remove denial of service' from `CVE-2007-5933 remote denial of service'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 15 Nov 2007 11:57:03 GMT) (full text, mbox, link).
Changed Bug title to `CVE-2007-5933 remote denial of service' from `CVE-2007-5933 remove denial of service'.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 15 Nov 2007 12:06:11 GMT) (full text, mbox, link).
Tags removed: fixed-upstream
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 15 Nov 2007 12:06:13 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#449541; Package pioneers.
(full text, mbox, link).
Acknowledgement sent to Bas Wijnen <wijnen@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
forwarded 449541 http://sourceforge.net/tracker/index.php?func=detail&aid=1786686&group_id=5095&atid=105095
tags 449541 -patch
thanks
On Thu, Nov 15, 2007 at 01:06:49PM +0100, Nico Golde wrote:
> * Bas Wijnen <shevek@fmf.nl> [2007-11-12 12:13]:
> > A bug which caused a segmentation fault was fixed, however it is still
> > possible to crash the server remotely, this time by triggering an
> > assert. Therefore I am reopening this bug.
>
> Do you have some more information? This alone is not really
> helpful. Backtraces? Steps to reproduce this? Code?
I'm not really sure what triggers it. Bug #1786686 on sourceforge has
some more info, but none of it is really certain.
> For security reasons, all text in this mail is double-rot13 encrypted.
:-)
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
Source: pioneers
Source-Version: 0.11.3-2
We believe that the bug you reported is fixed in the latest version of
pioneers, which is due to be installed in the Debian FTP archive:
pioneers-console-data_0.11.3-2_all.deb
to pool/main/p/pioneers/pioneers-console-data_0.11.3-2_all.deb
pioneers-console_0.11.3-2_i386.deb
to pool/main/p/pioneers/pioneers-console_0.11.3-2_i386.deb
pioneers-data_0.11.3-2_all.deb
to pool/main/p/pioneers/pioneers-data_0.11.3-2_all.deb
pioneers_0.11.3-2.diff.gz
to pool/main/p/pioneers/pioneers_0.11.3-2.diff.gz
pioneers_0.11.3-2.dsc
to pool/main/p/pioneers/pioneers_0.11.3-2.dsc
pioneers_0.11.3-2_i386.deb
to pool/main/p/pioneers/pioneers_0.11.3-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 449541@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Wijnen <wijnen@debian.org> (supplier of updated pioneers package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Nov 2007 10:04:05 +0100
Source: pioneers
Binary: pioneers-data pioneers-console pioneers-console-data pioneers
Architecture: source all i386
Version: 0.11.3-2
Distribution: unstable
Urgency: high
Maintainer: Bas Wijnen <wijnen@debian.org>
Changed-By: Bas Wijnen <wijnen@debian.org>
Description:
pioneers - the Settlers of Catan board game
pioneers-console - the Settlers of Catan board game - console parts
pioneers-console-data - the Settlers of Catan board game - data files
pioneers-data - the Settlers of Catan board game - data files
Closes: 449541
Changes:
pioneers (0.11.3-2) unstable; urgency=high
.
* Fix server crash when disconnecting really soon. (Closes: #449541;
CVE-2007-5933)
Files:
4e8c7c618857c73ab926010241827777 1004 games optional pioneers_0.11.3-2.dsc
87b46d97f1c8b7eb08e2ca16aae91dfa 11894 games optional pioneers_0.11.3-2.diff.gz
0bbc2027e420098f47d7b0f7e4ae0dfc 1803444 games optional pioneers-data_0.11.3-2_all.deb
4ac3cdcd6a0107335c5a301eca515a7f 235468 games optional pioneers-console-data_0.11.3-2_all.deb
82b86f31bd0903646b95de51a407a546 313026 games optional pioneers_0.11.3-2_i386.deb
53bc431175d174551bfd4a7171300c84 190216 games optional pioneers-console_0.11.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHPWMtFShl+2J8z5URAn7uAKDEk5oIk75wGt/bnM+Z/V6hSBDougCeMkUY
LNhPUgeJrHJjUxv7Ld7mu5s=
=LeDf
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#449541; Package pioneers.
(full text, mbox, link).
Acknowledgement sent to Bas Wijnen <wijnen@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Bas Wijnen <wijnen@debian.org>: Bug#449541; Package pioneers.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Bas Wijnen <wijnen@debian.org>.
(full text, mbox, link).
Hi Bas,
> As I wrote before, there was a DoS vulnerability in Pioneers. While
> testing if it also occurred in stable, I found a second problem, which
> is now also fixed. The fix is uploaded to unstable, and should enter
> testing in 2 days. The attached patch fixes both problems in stable.
> To use it:
Thanks for providing an update, but since we have a wide range of more
important security issues to address it is very unlikely we'll be able
to release an update for crash bugs in a game server, since there
will almost always be new and more grave issues on the plate.
I'd recommend to update this through a stable point update instead.
Cheers,
Moritz
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Bas Wijnen <wijnen@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Subject: Bug#449541: fixed in pioneers 0.11.2-2+lenny1
Date: Wed, 28 Nov 2007 01:47:02 +0000
Source: pioneers
Source-Version: 0.11.2-2+lenny1
We believe that the bug you reported is fixed in the latest version of
pioneers, which is due to be installed in the Debian FTP archive:
pioneers-console-data_0.11.2-2+lenny1_all.deb
to pool/main/p/pioneers/pioneers-console-data_0.11.2-2+lenny1_all.deb
pioneers-console_0.11.2-2+lenny1_i386.deb
to pool/main/p/pioneers/pioneers-console_0.11.2-2+lenny1_i386.deb
pioneers-data_0.11.2-2+lenny1_all.deb
to pool/main/p/pioneers/pioneers-data_0.11.2-2+lenny1_all.deb
pioneers_0.11.2-2+lenny1.diff.gz
to pool/main/p/pioneers/pioneers_0.11.2-2+lenny1.diff.gz
pioneers_0.11.2-2+lenny1.dsc
to pool/main/p/pioneers/pioneers_0.11.2-2+lenny1.dsc
pioneers_0.11.2-2+lenny1_i386.deb
to pool/main/p/pioneers/pioneers_0.11.2-2+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 449541@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated pioneers package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Nov 2007 22:39:28 +0000
Source: pioneers
Binary: pioneers-data pioneers-console pioneers-console-data pioneers
Architecture: source all i386
Version: 0.11.2-2+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Bas Wijnen <wijnen@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
pioneers - the Settlers of Catan board game
pioneers-console - the Settlers of Catan board game - console parts
pioneers-console-data - the Settlers of Catan board game - data files
pioneers-data - the Settlers of Catan board game - data files
Closes: 449541
Changes:
pioneers (0.11.2-2+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by testing-security team.
* The following security issues are addressed with this upload:
- CVE-2007-5933: remote denial of service triggered by an
early disconnect (Closes: #449541).
- CVE-2007-6010: remote denial of service triggered by
a broken pipe.
Files:
57a00d08abed503501c0f42f8f71bc92 879 games optional pioneers_0.11.2-2+lenny1.dsc
4fb3ec61f5a084431fe46048bd30de9d 2834238 games optional pioneers_0.11.2.orig.tar.gz
1f69ae3bb37fc4aa0ec9855652cca6f5 12649 games optional pioneers_0.11.2-2+lenny1.diff.gz
436e9953870e05b9aab4d673490d09ab 1785820 games optional pioneers-data_0.11.2-2+lenny1_all.deb
a69baae90b40f5ccf5f29f14fe9d9523 235810 games optional pioneers-console-data_0.11.2-2+lenny1_all.deb
d7c20a4e27e20608692f1a7f47f561a7 312432 games optional pioneers_0.11.2-2+lenny1_i386.deb
948f59fb1321de344e33fd21ee2698fd 189868 games optional pioneers-console_0.11.2-2+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHTKG+HYflSXNkfP8RAlnsAJ9XPbOnPRNwRwpF18zTKLXCP1MyVACfZXp0
1cilNKsOhTeWJLHz5NA8eac=
=AxH2
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 03 Jan 2008 07:34:03 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Lucas Nussbaum <lucas@lucas-nussbaum.net>
to controlbugs.debian.org.
(Sat, 09 Aug 2008 18:02:47 GMT) (full text, mbox, link).
Bug No longer marked as found in versions pioneers/0.11.3-1.
Request was from Bas Wijnen <wijnen@debian.org>
to control@bugs.debian.org.
(Wed, 22 Jun 2011 22:57:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 21 Jul 2011 07:34:44 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.