[SCM] Packaging for the OpenArena engine branch, debian-squeeze, updated. debian/0.8.5-5+squeeze2-3-g1b76f3e
Simon McVittie
smcv at debian.org
Tue Mar 27 09:59:33 UTC 2012
The following commit has been merged in the debian-squeeze branch:
commit 3ae20e9d1d019b87c170b0388cac140e553acc6e
Author: Simon McVittie <smcv at debian.org>
Date: Tue Mar 27 10:48:40 2012 +0100
Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix potential use of uninitialized variables if the network address family is unexpected
diff --git a/debian/changelog b/debian/changelog
index 17eb49d..fefd398 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ openarena (0.8.5-5+squeeze3) UNRELEASED; urgency=low
* Add CVE reference to changelog and patch for previous version, now that
one has been allocated
+ * Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix
+ potential use of uninitialized variables if the network address family
+ is unexpected
-- Simon McVittie <smcv at debian.org> Tue, 27 Mar 2012 10:02:30 +0100
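Review bot: the new changelog entry refers to "the patch for rate-limiting" without naming the file or the CVE it relates to. Naming 0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch, or the CVE mentioned in the entry above it, would let someone reading only the changelog find the change. The wording also differs slightly from the note added to the patch header ("use of uninitialized variables" here, "dereference of an uninitialized pointer" there); using one description in both places avoids the impression of two separate fixes.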
diff --git a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
index 53580d5..628f85c 100644
--- a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
+++ b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
@@ -1,8 +1,12 @@
From: Tim Angus <tma>
Date: Sun, 3 Jan 2010 22:12:20 +0000
-Subject: [PATCH] * Rate limit getstatus and rcon connectionless requests
+Subject: Rate limit getstatus and rcon connectionless requests
-Origin: upstream (ioquake3), commit:1762
+[This patch also includes r1763, fixing potential dereference of an
+uninitialized pointer if the network address family is neither IPv4 nor
+IPv6. -smcv]
+
+Origin: upstream (ioquake3), commit:1762, commit:1763
Bug-Debian: http://bugs.debian.org/665656
CVE: CVE-2010-5077
---
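Review bot: the From: and Date: headers of the patch still describe only r1762 (Tim Angus, 3 Jan 2010), while Origin: now lists commit:1762 and commit:1763. The bracketed note explains that r1763 is folded in, but it does not say who wrote r1763 or when. Adding that to the note would keep the attribution accurate for the combined patch. Dropping the "[PATCH] *" prefix from Subject: is fine.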
@@ -47,8 +51,8 @@ index 6215791..b88cc11 100644
+================
+*/
+static long SVC_HashForAddress( netadr_t address ) {
-+ byte *ip;
-+ size_t size;
++ byte *ip = NULL;
++ size_t size = 0;
+ int i;
+ long hash = 0;
+
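Review bot: in SVC_HashForAddress, initialising ip to NULL and size to 0 removes the undefined values, but whether the unexpected-family case is safe depends on the code after "long hash = 0;", which this hunk does not show. That code must read through ip only within a bound of size, so that nothing is dereferenced when size is 0. It is worth confirming that and adding a short comment or an explicit default case, so a later edit cannot turn the NULL default into a crash. If the hash is built only from those bytes, all addresses of an unexpected family will share one hash value, which should be a deliberate choice for a rate limiter.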
--
Packaging for the OpenArena engine