Bug#870725: CVE-2017-11721: read buffer overflow in MSG_ReadBits

Moritz Mühlenhoff jmm at inutil.org
Fri Aug 11 18:11:46 UTC 2017


On Thu, Aug 10, 2017 at 02:29:52PM -0400, Simon McVittie wrote:
> On Sat, 05 Aug 2017 at 12:24:19 +0100, Simon McVittie wrote:
> > Again, I don't have time to handle this for stable right now, so
> > security or games team members are very welcome to do so. I'll prepare
> > a stable update during Debconf if nobody gets there first, assuming I
> > can find a stable user willing to test a game from contrib.
> 
> I have prepared proposed stable-security updates and borrowed a
> stable machine to smoke-test them (thanks to Andy Simpkins). I forget
> whether you're interested in fixing contrib or not, so I'm doing iortcw
> as well as ioquake3 (openjk is experimental-only so is not relevant here).
> Let me know if I should redirect the iortcw update to the release team.

Thanks, please upload. Generally speaking contrib is not supported, but
it would be silly to fix ioquake, but not iortcw along, so please go ahead.

What about jessie, is that still usable against current game servers?

Cheers,
        Moritz



More information about the Pkg-games-devel mailing list