[Pkg-freeciv-devel] Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv

Steve Langasek vorlon at debian.org
Thu Aug 17 02:32:34 UTC 2006


On Wed, Aug 16, 2006 at 07:31:38PM -0700, Steve Langasek wrote:
> tags 381378 patch
> thanks

> Hi guys,

> I've prepared a 0-day NMU for this security bug in freeciv, applying the
> relevant bits of the patch Joey sent to the bug report.  Please find the
> full NMU diff attached.

Made you look!

Now try to find the full NMU diff attached /here/.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
-------------- next part --------------
diff -u freeciv-2.0.8/debian/patches/series freeciv-2.0.8/debian/patches/series
--- freeciv-2.0.8/debian/patches/series
+++ freeciv-2.0.8/debian/patches/series
@@ -2,0 +3 @@
+CVE-2006-3913
diff -u freeciv-2.0.8/debian/changelog freeciv-2.0.8/debian/changelog
--- freeciv-2.0.8/debian/changelog
+++ freeciv-2.0.8/debian/changelog
@@ -1,3 +1,12 @@
+freeciv (2.0.8-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * High-urgency upload for RC bugfix.
+  * Fix CVE-2006-3913, possible remote arbitrary code execution bug; 
+    thanks to Joey Schulze for the patch.  Closes: #381378.
+
+ -- Steve Langasek <vorlon at debian.org>  Wed, 16 Aug 2006 19:22:26 -0700
+
 freeciv (2.0.8-2) unstable; urgency=low
 
   * debian/control:
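Review bot: The `Fix CVE-2006-3913` changelog line says only that a possible remote code execution bug is fixed, not what was changed. Name the file and the check, for example that `server/unithand.c` now rejects a `packet->length` above `MAX_LEN_ROUTE`, so that someone auditing the upload can match the entry to debian/patches/CVE-2006-3913 without opening it. That line also ends in a trailing space after `bug;` that should be dropped.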
only in patch2:
unchanged:
--- freeciv-2.0.8.orig/debian/patches/CVE-2006-3913
+++ freeciv-2.0.8/debian/patches/CVE-2006-3913
@@ -0,0 +1,17 @@
+Index: freeciv-2.0.8/server/unithand.c
+===================================================================
+--- freeciv-2.0.8.orig/server/unithand.c	2006-08-16 19:18:55.000000000 -0700
++++ freeciv-2.0.8/server/unithand.c	2006-08-16 19:22:08.000000000 -0700
+@@ -1593,11 +1593,10 @@
+   struct unit *punit = player_find_unit_by_id(pplayer, packet->unit_id);
+   int i;
+ 
+-  if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) {
++  if (!punit || packet->length < 0 || packet->length > MAX_LEN_ROUTE || punit->activity != ACTIVITY_IDLE) {
+     return;
+   }
+ 
+-
+   for (i = 0; i < packet->length; i++) {
+     switch (packet->orders[i]) {
+     case ORDER_MOVE:
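Review bot: The added `packet->length > MAX_LEN_ROUTE` test in the `if` condition is the whole fix, but nothing in the hunk records why that is the right bound. Add a short comment saying that `packet->length` comes from the client and limits the `packet->orders[i]` loop that follows. It is also worth confirming that every array indexed by `i` in that loop is sized `MAX_LEN_ROUTE`, since only `orders` is visible here. The condition line now runs well past 80 columns and should be wrapped. The blank line removed before the `for` loop is an unrelated whitespace change, which is better left out of a security NMU so the diff stays minimal.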

