Your message dated Sun, 21 Feb 2010 13:14:40 +0000
with message-id <e1njbdw-0005iu...@ries.debian.org>
and subject line Bug#549310: fixed in overkill 0.16-14.1
has caused the Debian Bug report #549310,
regarding overkill: long player names can corrupt data on the server machine
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
549310: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: overkill
Version: 0.16-14
Severity: grave
Tags: patch security
Justification: user security hole
Players with names longer than 24 characters have been able to corrupt data on
the machine where the server is run. This is made possible by not always
checking whether the name of a connecting player is too long. I have made a
patch to fix this.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages overkill depends on:
ii libc6 2.9-27 GNU C Library: Shared libraries
ii libx11-6 2:1.2.2-1 X11 client-side library
ii libxpm4 1:3.5.7-2 X11 pixmap library
overkill recommends no packages.
overkill suggests no packages.
-- no debconf information
534a535
> int name_too_long;
538a540
> name_too_long=strlen(name)>MAX_NAME_LEN? 1:0;
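Review bot: on the added line at 540, a 0/1 flag forces the later hunks to call strlen(name) again and repeat the same ternary; storing the clamped length once (a size_t holding strlen(name) capped at MAX_NAME_LEN) would let the allocation, the copy and the terminator all use one value. The "? 1:0" is redundant because the comparison already yields 0 or 1. A comment stating whether MAX_NAME_LEN counts the terminating NUL would also help, since the report speaks of 24 characters and the visible lines do not show how the constant is defined.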
543c545,546
< cp->member.name=mem_alloc(strlen(name)+1);
---
> cp->member.name=mem_alloc((name_too_long?MAX_NAME_LEN:strlen(name))+1);
> if (name_too_long) *(cp->member.name+MAX_NAME_LEN)='\0';
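Review bot: on added line 546 the terminator is stored through cp->member.name on the line directly after the mem_alloc call, with no check of the returned pointer between the two, so a failed allocation would be dereferenced here. Move the store below whatever NULL check the function performs on the allocation, or add one before this line.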
560c563
< memcpy(cp->member.name,name,strlen(name)+1);
---
> memcpy(cp->member.name,name,(name_too_long?MAX_NAME_LEN:strlen(name)));
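Review bot: the replacement memcpy at 563 copies strlen(name) bytes where the removed line copied strlen(name)+1, so for a name that fits the terminating NUL is no longer copied, and the only explicit terminator in the patch is the one at 546 guarded by name_too_long. Unless mem_alloc returns zeroed memory, which the visible lines do not show, names of MAX_NAME_LEN characters or fewer end up unterminated. Copy the clamped length and then write the '\0' at that offset unconditionally after the memcpy, instead of only in the truncated case.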
--- End Message ---
--- Begin Message ---
Source: overkill
Source-Version: 0.16-14.1
We believe that the bug you reported is fixed in the latest version of
overkill, which is due to be installed in the Debian FTP archive:
overkill_0.16-14.1.diff.gz
to main/o/overkill/overkill_0.16-14.1.diff.gz
overkill_0.16-14.1.dsc
to main/o/overkill/overkill_0.16-14.1.dsc
overkill_0.16-14.1_i386.deb
to main/o/overkill/overkill_0.16-14.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 549...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Venthur <vent...@debian.org> (supplier of updated overkill package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 21 Feb 2010 13:32:52 +0100
Source: overkill
Binary: overkill
Architecture: source i386
Version: 0.16-14.1
Distribution: unstable
Urgency: low
Maintainer: Joachim Breitner <nome...@debian.org>
Changed-By: Bastian Venthur <vent...@debian.org>
Description:
overkill - bloody 2D action deathmatch-like game in ascii-art
Closes: 549310
Changes:
overkill (0.16-14.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix "long player names can corrupt data on the server machine"
Applied patch provided by Jonathan Neuschäfer (Closes: #549310)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---