** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2082
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2236
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2875
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3324
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3325
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3012
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2764
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-5077

https://bugs.launchpad.net/bugs/970819

Title:
  multiple security vulnerabilities

Status in “tremulous” package in Ubuntu:
  Confirmed

Bug description:
  Please consider syncing tremulous/1.1.0-8 from Debian unstable into
  all supported Ubuntu versions. It fixes:

  - CVE-2006-2082: arbitrary file download from server by a malicious
    client (Closes: #660831)
  - CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking
    on COM_StripExtension, exploitable in clients of a malicious server
    (Closes: #660827)
  - CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
    malicious server (Closes: #660830)
  - CVE-2006-3324: arbitrary file overwriting in clients of a malicious
    server (Closes: #660832)
  - CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
    code execution) in clients of a malicious server (Closes: #660834)
  - CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
    code execution) in clients of a malicious server if auto-downloading
    is enabled (Closes: #660836)
  - a potential buffer overflow in error handling (not known to be
    exploitable, but it can't hurt)
  - non-literal format strings (again, none are known to be exploitable)
  - CVE-2010-5077, use of Tremulous servers by third parties to perform
    reflected DoS attacks

  It also disables auto-downloading to mitigate any future security
  vulnerabilities.
