-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 10 Mar 2008 18:09:24 +0100
Source: tintin++
Binary: tintin++
Architecture: source amd64
Version: 1.97.9-2
Distribution: unstable
Urgency: high
Maintainer: Ana Beatriz Guerrero Lopez <ana@debian.org>
Changed-By: Ana Beatriz Guerrero Lopez <ana@debian.org>
Description:
 tintin++ - classic text-based MUD client
Closes: 465643
Changes:
 tintin++ (1.97.9-2) unstable; urgency=high
 .
   * Add secutity.patch fixing the following security bugs:
     - CVE-2008-0671: Stack-based buffer overflow in the add_line_buffer
       function allows remote attackers to execute arbitrary code via a
       long chat message, related to conversion from LF to CRLF.
     - CVE-2008-0672: The process_chat_input function allows remote
       attackers to cause a denial of service (application crash) via a
       YES message without a newline character, which triggers a NULL
       dereference.
     - CVE-2008-0673: TinTin++ open files on the basis of an inbound
       file-transfer request, before the user has an opportunity to
       decline the request, which allows remote attackers to truncate
       arbitrary files in the top level of a home directory.
     (Closes: #465643)
 .
   * Add quilt support for patching.
Files:
 70e495765e3b8ee7113f7861135f4212 701 games optional tintin++_1.97.9-2.dsc
 84c076763b3f554e0d7dbfce30f77a85 6044 games optional tintin++_1.97.9-2.diff.gz
 00b06180069dbc6fc5e286cca97b5a9c 140278 games optional tintin++_1.97.9-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero

iD8DBQFH1XWwn3j4POjENGERAs3jAJ9dHITv/53lwUFyPjUiOsqy+5ak2ACbB0vl
7ayyPfqgnI9eJHpZ/5lTfh8=
=zYtK
-----END PGP SIGNATURE-----


Accepted:
tintin++_1.97.9-2.diff.gz
  to pool/main/t/tintin++/tintin++_1.97.9-2.diff.gz
tintin++_1.97.9-2.dsc
  to pool/main/t/tintin++/tintin++_1.97.9-2.dsc
tintin++_1.97.9-2_amd64.deb
  to pool/main/t/tintin++/tintin++_1.97.9-2_amd64.deb