Bug#665656: openarena-server: is vulnerable for getstatus DRDoS attack

Florian Weimer fw at deneb.enyo.de
Sun Mar 25 18:09:01 UTC 2012


* Simon McVittie:

> Dear security team: what do you consider the severity of this bug to be?
> Is it the sort of thing you issue DSAs for?

So the problem seems to be traffic amplification by a factor of 250.
(around 2000 bytes in, 500,000 bytes out).  Is this correct?

Is there any experience which strongly suggests that deploying the
patch actually helps victims?  Then we should issue a DSA.




