[SCM] collaborative maintenance of the dopewars package branch, master, updated. debian/1.5.12-8-4-g881839b

Francois Marier francois at debian.org
Sat Nov 7 04:09:39 UTC 2009 

The following commit has been merged in the master branch:
commit 29c97f0d7d17c89453e7dca026d68abc08699bc4
Author: Francois Marier <francois at debian.org>
Date:   Sat Nov 7 16:54:48 2009 +1300

    Fix a denial of service (CVE-2009-3591, closes: #550913)

diff --git a/debian/changelog b/debian/changelog
index cca0c47..76469cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-dopewars (1.5.12-9) unstable; urgency=low
+dopewars (1.5.12-9) unstable; urgency=high
 
+  * Fix a denial of service (CVE-2009-3591, closes: #550913)
   * debian/control: bump Standards-Version to 3.8.3
   * Add a README.source referring to the dpatch README
 
- -- Francois Marier <francois at debian.org>  Sat, 07 Nov 2009 16:48:48 +1300
+ -- Francois Marier <francois at debian.org>  Sat, 07 Nov 2009 16:53:46 +1300
 
 dopewars (1.5.12-8) unstable; urgency=low
 
diff --git a/debian/patches/00list b/debian/patches/00list
index c4a7a26..1054b9e 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1 +1,2 @@
 buy_sell_quantities.dpatch
+CVE-2009-3591.dpatch
diff --git a/debian/patches/CVE-2009-3591.dpatch b/debian/patches/CVE-2009-3591.dpatch
new file mode 100755
index 0000000..3094350
--- /dev/null
+++ b/debian/patches/CVE-2009-3591.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2009-3591.dpatch by Francois Marier <francois at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033
+
+ at DPATCH@
+--- a/src/serverside.c	2008/08/20 16:33:30	1023
++++ b/src/serverside.c	2009/10/05 04:11:32	1033
+@@ -504,6 +504,12 @@
+     break;
+   case C_REQUESTJET:
+     i = atoi(Data);
++    /* Make sure value is within range */
++    if (i < 0 || i >= NumLocation) {
++      dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
++              GetPlayerName(Play), Data);
++      break;
++    }
+     if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
+       if (CanRunHere(Play)) {
+         break;

-- 
collaborative maintenance of the dopewars package

More information about the Pkg-games-commits mailing list