Bug#844546: teeworlds: possible remote code execution on the client
Felix Geyer
fgeyer at debian.org
Wed Nov 16 19:16:56 UTC 2016
Package: teeworlds
Version: 0.6.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole
teeworlds upstream has released version 0.6.4.
https://www.teeworlds.com/?page=news&id=12086 says
> the security vulnerability is worse, attacker controlled memory-writes and
> possibly arbitrary code execution on the client, abusable by any server the
> client joins
The upstream fix:
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62
There doesn't seem to be a CVE assigned to this vulnerability.
Felix
More information about the Pkg-games-devel
mailing list