Bug#857699: ioquake3 has a security vulnerability

Victor Roemer vroemer at badsec.org
Tue Mar 14 21:23:30 UTC 2017


FYI, The ioquake3.org blog post was updated to reference me as the reporter.

On Tue, Mar 14, 2017 at 4:42 PM, Victor Roemer <vroemer at badsec.org> wrote:

> Any way we can amend that?
>
> On Tue, Mar 14, 2017 at 3:31 PM, Simon McVittie <smcv at debian.org> wrote:
>
>> On Tue, 14 Mar 2017 at 13:38:37 -0400, Victor Roemer wrote:
>> > I originally reported the vulnerability to ioquake3. I'd like to help
>> with the
>> > CVE however I can.
>> > I'm not familiar with CVE reports which is why one hasn't already been
>> written.
>>
>> MITRE's new process really doesn't help matters there...
>>
>> I've requested a CVE ID, with this bug given as a contact address.
>> Hopefully that will work.
>>
>> Sorry, I didn't see this email until after I had sent the CVE request,
>> and the ioquake3 maintainers didn't credit you in their advisory, so
>> the initial CVE request doesn't credit you either. That wasn't intentional
>> on my part.
>>
>>     S
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20170314/aa8b3e5a/attachment.html>


More information about the Pkg-games-devel mailing list