Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Remote termination security issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983 ------- Additional Comments From jkosin(a)beta.intcomgrp.com 2006-05-24 13:11 EST ------- I'm not sure if I'd call a game that terminates unexpectedly a security risk. But, to fix we should probably find out what values for FrameNum are acceptable and who is causing the problem to fail the ASSERT(). -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Remote termination security issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983 ------- Additional Comments From hugo(a)devin.com.br 2006-05-24 17:37 EST ------- Any fixes would be good to include. I'm currently watching this issue, as I am not a good programmer, I can't look at the source code at the time. However I'll try to make some efforts on this. If you have any updates, tell me. Regarding bug #192990, I'll look, make a patch from svn and update the release. Thanks for the attention. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2575 Remote termination security issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983 ------- Additional Comments From j.w.r.degoede(a)hhs.nl 2006-06-06 14:16 EST ------- Created an attachment (id=130628) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=130628&action=...) Patch fixing this CVE Since no-one else was doing it I've taken a look at this, with as a result the attached patch which fixes this. I confirmed the crash with the exploit given in the URL above, and checked that it no longer crashes with this patch. I however didnot check if this influences play in anyway, someone who actually plays the game should test this, especially the flag selection for a player. Although I believe that there should be no influence. p.s. Whats going on with getting the fix for the other vulnerability from SVN? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2575 Remote termination security issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983 hugo(a)devin.com.br changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.8-4 ------- Additional Comments From hugo(a)devin.com.br 2006-06-14 09:17 EST ------- Package fixed. Closing. Thanks! -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.