Bug#870725: CVE-2017-11721: read buffer overflow in MSG_ReadBits
smcv at debian.org
Sat Aug 12 05:46:33 UTC 2017
On Fri, 11 Aug 2017 at 20:11:46 +0200, Moritz Mühlenhoff wrote:
> Thanks, please upload. Generally speaking contrib is not supported, but
> it would be silly to fix ioquake, but not iortcw along, so please go ahead.
Thanks, both uploaded to security-master targeting stretch-security.
> What about jessie, is that still usable against current game servers?
It would make sense to fix ioquake3 in jessie, but I am unlikely to
be able to complete this work any time soon - I probably won't find a
jessie user at DebConf, and soon after I get back I'll be moving house,
so my time and hardware are limited. I'll try to prepare packages so
that someone else can test them (via openarena).
For completeness: iortcw isn't in jessie, so not applicable.
More information about the Pkg-games-devel