[Pkg-freeciv-devel] Bug#381378: CVE-2006-3913: arbitrary code
execution in freeciv
Steve Langasek
vorlon at debian.org
Thu Aug 17 02:32:34 UTC 2006
On Wed, Aug 16, 2006 at 07:31:38PM -0700, Steve Langasek wrote:
> tags 381378 patch
> thanks
> Hi guys,
> I've prepared a 0-day NMU for this security bug in freeciv, applying the
> relevant bits of the patch Joey sent to the bug report. Please find the
> full NMU diff attached.
Made you look!
Now try to find the full NMU diff attached /here/.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
diff -u freeciv-2.0.8/debian/patches/series freeciv-2.0.8/debian/patches/series
--- freeciv-2.0.8/debian/patches/series
+++ freeciv-2.0.8/debian/patches/series
@@ -2,0 +3 @@
+CVE-2006-3913
diff -u freeciv-2.0.8/debian/changelog freeciv-2.0.8/debian/changelog
--- freeciv-2.0.8/debian/changelog
+++ freeciv-2.0.8/debian/changelog
@@ -1,3 +1,12 @@
+freeciv (2.0.8-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * High-urgency upload for RC bugfix.
+ * Fix CVE-2006-3913, possible remote arbitrary code execution bug;
+ thanks to Joey Schulze for the patch. Closes: #381378.
+
+ -- Steve Langasek <vorlon at debian.org> Wed, 16 Aug 2006 19:22:26 -0700
+
freeciv (2.0.8-2) unstable; urgency=low
* debian/control:
only in patch2:
unchanged:
--- freeciv-2.0.8.orig/debian/patches/CVE-2006-3913
+++ freeciv-2.0.8/debian/patches/CVE-2006-3913
@@ -0,0 +1,17 @@
+Index: freeciv-2.0.8/server/unithand.c
+===================================================================
+--- freeciv-2.0.8.orig/server/unithand.c 2006-08-16 19:18:55.000000000 -0700
++++ freeciv-2.0.8/server/unithand.c 2006-08-16 19:22:08.000000000 -0700
+@@ -1593,11 +1593,10 @@
+ struct unit *punit = player_find_unit_by_id(pplayer, packet->unit_id);
+ int i;
+
+- if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) {
++ if (!punit || packet->length < 0 || packet->length > MAX_LEN_ROUTE || punit->activity != ACTIVITY_IDLE) {
+ return;
+ }
+
+-
+ for (i = 0; i < packet->length; i++) {
+ switch (packet->orders[i]) {
+ case ORDER_MOVE:
More information about the Pkg-freeciv-devel
mailing list