[SCM] team based FPS game - packaging branch, debian, updated. debian/1.1.0-5-4-gdb361a5
Simon McVittie
smcv at debian.org
Wed Feb 22 09:40:39 UTC 2012
The following commit has been merged in the debian branch:
commit db361a5b7c69e3ac3ae9b54558abaad15a5e4a66
Author: Simon McVittie <smcv at debian.org>
Date: Wed Feb 22 09:12:17 2012 +0000
Add bug numbers, release
diff --git a/debian/NEWS b/debian/NEWS
index 1a9d26b..50eaafc 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,4 +1,4 @@
-tremulous (1.1.0-6) UNRELEASED; urgency=medium
+tremulous (1.1.0-6) unstable; urgency=medium
This version of Tremulous is based on an older version of the Quake III
Arena engine, which has no protection against malicious bytecode programs.
diff --git a/debian/changelog b/debian/changelog
index e031bd6..410c7a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,25 +1,27 @@
-tremulous (1.1.0-6) UNRELEASED; urgency=medium
+tremulous (1.1.0-6) unstable; urgency=medium
* Backport patches from ioquake3 to fix long-standing security bugs:
- CVE-2006-2082: arbitrary file download from server by a malicious client
+ (Closes: #660831)
- CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking on
COM_StripExtension, exploitable in clients of a malicious server
+ (Closes: #660827)
- CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
- malicious server
+ malicious server (Closes: #660830)
- CVE-2006-3324: arbitrary file overwriting in clients of a malicious
- server
+ server (Closes: #660832)
- CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
- code execution) in clients of a malicious server
+ code execution) in clients of a malicious server (Closes: #660835)
- CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
code execution) in clients of a malicious server if auto-downloading
- is enabled
+ is enabled (Closes: #660836)
* As a precaution, disable auto-downloading
* Backport ioquake3 r1141 to fix a potential buffer overflow in error
handling (not known to be exploitable, but it can't hurt)
* Add gcc attributes to all printf- and scanf-like functions, and
fix non-literal format strings (again, none are known to be exploitable)
- -- Simon McVittie <smcv at debian.org> Sun, 11 Dec 2011 17:35:38 +0000
+ -- Simon McVittie <smcv at debian.org> Wed, 22 Feb 2012 09:07:37 +0000
tremulous (1.1.0-5) unstable; urgency=low
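Review bot: the Closes: numbers added in this hunk should be cross-checked against the Bug-Debian headers added to the patches in the same commit, because one of them disagrees: the CVE-2006-3325 entry here reads `code execution) in clients of a malicious server (Closes: #660835)`, while the 0014-CVE-2006-3325 patch header further down in this commit adds `Bug-Debian: http://bugs.debian.org/660834`. One of the two is a typo, and since the changelog Closes: line is what the upload will actually close, the bug number that really is the CVE-2006-3325 report should be used in both places. The other five CVE entries (#660831, #660827, #660830, #660832, #660836) match their patch headers.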
diff --git a/debian/patches/0010-CVE-2006-2082-do-not-allow-download-of-arbitrary-fil.patch b/debian/patches/0010-CVE-2006-2082-do-not-allow-download-of-arbitrary-fil.patch
index a41f689..8c42baa 100644
--- a/debian/patches/0010-CVE-2006-2082-do-not-allow-download-of-arbitrary-fil.patch
+++ b/debian/patches/0010-CVE-2006-2082-do-not-allow-download-of-arbitrary-fil.patch
@@ -10,6 +10,7 @@ vulnerability) and r781 (which fixed a regression in r777 where
uninitialized variables led to some allowed downloads being rejected too).
Origin: backport
+Bug-Debian: http://bugs.debian.org/660831
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-2082
---
src/server/sv_client.c | 51 ++++++++++++++++++++++++++++++++++++++++-------
diff --git a/debian/patches/0011-CVE-2006-2236-add-bounds-checking-to-COM_StripExtens.patch b/debian/patches/0011-CVE-2006-2236-add-bounds-checking-to-COM_StripExtens.patch
index 0819d5f..b59c83f 100644
--- a/debian/patches/0011-CVE-2006-2236-add-bounds-checking-to-COM_StripExtens.patch
+++ b/debian/patches/0011-CVE-2006-2236-add-bounds-checking-to-COM_StripExtens.patch
@@ -7,6 +7,7 @@ a further change to avoid strncpy'ing a string into itself.
Original patch by Thilo Schulz.
Origin: backport
+Bug-Debian: http://bugs.debian.org/660827
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-2236
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=455458
---
diff --git a/debian/patches/0012-CVE-2006-2875-fix-stack-buffer-overflow-in-CL_ParseD.patch b/debian/patches/0012-CVE-2006-2875-fix-stack-buffer-overflow-in-CL_ParseD.patch
index 12f9c78..319978b 100644
--- a/debian/patches/0012-CVE-2006-2875-fix-stack-buffer-overflow-in-CL_ParseD.patch
+++ b/debian/patches/0012-CVE-2006-2875-fix-stack-buffer-overflow-in-CL_ParseD.patch
@@ -6,6 +6,7 @@ This is exploitable by a modified server. Original patch by Thilo
Schulz, ioquake3 r796.
Origin: backport
+Bug-Debian: http://bugs.debian.org/660830
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-2875
---
src/client/cl_parse.c | 28 ++++++++++++++++++++--------
diff --git a/debian/patches/0013-CVE-2006-3324-fix-arbitrary-file-overwrite-on-client.patch b/debian/patches/0013-CVE-2006-3324-fix-arbitrary-file-overwrite-on-client.patch
index 1fd00bc..75d51fc 100644
--- a/debian/patches/0013-CVE-2006-3324-fix-arbitrary-file-overwrite-on-client.patch
+++ b/debian/patches/0013-CVE-2006-3324-fix-arbitrary-file-overwrite-on-client.patch
@@ -8,6 +8,7 @@ This commit also includes "a few sanity checks for checksum/pakname storage
to fix a crash that can occur under certain circumstances", from r804
and r805.
+Bug-Debian: http://bugs.debian.org/660832
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-3324
Origin: backport
---
diff --git a/debian/patches/0014-CVE-2006-3325-fix-arbitrary-cvar-overwriting.patch b/debian/patches/0014-CVE-2006-3325-fix-arbitrary-cvar-overwriting.patch
index 8a5f432..e560186 100644
--- a/debian/patches/0014-CVE-2006-3325-fix-arbitrary-cvar-overwriting.patch
+++ b/debian/patches/0014-CVE-2006-3325-fix-arbitrary-cvar-overwriting.patch
@@ -4,6 +4,7 @@ Subject: CVE-2006-3325: fix arbitrary cvar overwriting
Original patch by Thilo Schulz, ioquake3 r811.
+Bug-Debian: http://bugs.debian.org/660834
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-3325
Origin: backport
---
diff --git a/debian/patches/0015-CVE-2011-3012-CVE-2011-2764-backport-from-ioquake3-t.patch b/debian/patches/0015-CVE-2011-3012-CVE-2011-2764-backport-from-ioquake3-t.patch
index 12adb99..fc64264 100644
--- a/debian/patches/0015-CVE-2011-3012-CVE-2011-2764-backport-from-ioquake3-t.patch
+++ b/debian/patches/0015-CVE-2011-3012-CVE-2011-2764-backport-from-ioquake3-t.patch
@@ -13,6 +13,7 @@ This is a backport of several patches:
in previous commits, CVE-2011-2764)
Origin: backport
+Bug-Debian: http://bugs.debian.org/660836
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2011-3012
Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2011-2764
---