Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Nov 2016 20:33:56 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: teeworlds: possible remote code execution on teeworlds
 client

Hi

teeworlds, a online multi-player platform 2D shooter, released a new
upstream version 0.6.4 stating the following in the news:

> 0.6.4 released - another security fix
> (posted by: heinrich5991) | 2016-11-13
> As with the 0.6.3 release, a reported security vulnerability motivated
> this release: This time, the security vulnerability is worse, attacker
> controlled memory-writes and possibly arbitrary code execution on the
> client, abusable by any server the client joins.

https://www.teeworlds.com/?page=news&id=12086

Upstream fix:
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62

Bug report in Debian: https://bugs.debian.org/844546

Could you assign a CVE for this issue?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ