Date: Wed, 16 Nov 2016 20:33:56 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: teeworlds: possible remote code execution on teeworlds client Hi teeworlds, a online multi-player platform 2D shooter, released a new upstream version 0.6.4 stating the following in the news: > 0.6.4 released - another security fix > (posted by: heinrich5991) | 2016-11-13 > As with the 0.6.3 release, a reported security vulnerability motivated > this release: This time, the security vulnerability is worse, attacker > controlled memory-writes and possibly arbitrary code execution on the > client, abusable by any server the client joins. https://www.teeworlds.com/?page=news&id=12086 Upstream fix: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 Bug report in Debian: https://bugs.debian.org/844546 Could you assign a CVE for this issue? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ