-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 12 Aug 2017 01:37:23 EDT Source: ioquake3 Binary: ioquake3 ioquake3-server Architecture: source Version: 1.36+u20161101+dfsg1-2+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Description: ioquake3 - Game engine for 3D first person shooter games ioquake3-server - Engine for 3D first person shooter games - server and common file Closes: 870725 Changes: ioquake3 (1.36+u20161101+dfsg1-2+deb9u1) stretch-security; urgency=medium . * Reference CVE-2017-6903 in previous changelog entry * Add patch from upstream: + Address read buffer overflow in MSG_ReadBits (CVE-2017-11721) (Closes: #870725) + Check buffer boundary exactly in MSG_WriteBits, instead of potentially failing with a few bytes still available Checksums-Sha256: 61bd336200f9cee4b02f23aa1231cb272bb04cbd711b40e5ec16295ff92b8b4b 2310 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc f2fc89d979a84088a08f81debd341a4905dc2149185874d17943d2c2044be151 25268 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz 16c071721387a37b592aad30ed3eddba66cdea87ad808af85f465396a51f4d0b 1886888 ioquake3_1.36+u20161101+dfsg1.orig.tar.xz Checksums-Sha1: ec34c192c83e46aaaedbeffd72a60fe6239a80ee 2310 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc 47651a22549123ec28a480a100764e47f362c0ff 25268 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz 1287724135101aeed70f4a3cbb0883ca52995052 1886888 ioquake3_1.36+u20161101+dfsg1.orig.tar.xz Files: 6e7b750d4288a9a7388e96c2f45ed3ac 2310 games optional ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc 81a330e471f12813df4ca9207d6417d1 25268 games optional ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz d14b0fca7af5ebc86688acd874e49b44 1886888 games optional ioquake3_1.36+u20161101+dfsg1.orig.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlmOlB0ACgkQ4FrhR4+B TE9ddRAAqhfiJV/e5ctum/N6saW4wJ7HMcWbOgFT/4hnej6me6QwzgMs841imexd g1c+Pm+frjx3G1L/e3JHy+vPkfycqvSf/8f4QN5NTvrHj5FVfdV/9m6VHA4MZRlf VyDd1j5xD1KJhq3/r+NqmvQLft4JOaQMFbh8fkykxIKVR27S/mhhZxMAk0cEgIKw aoxZ7GWOA1JfaSfoW6A0e1Fn+uRpZcxGZOpe6CJmBiUaESNGUITb4+lw7E7N+FzG 5a3xedYqdLW+WfdbzwqZ44PerE9zEEFrChyUEZFQyTSv+vJHwYZRkEcxDsfVEIBF CG55IONIggPIpixybSeRGk3Cqzs+rshBHF33hqQ+Mu0hIvaZ67j0uy74s2uATqfK ev3cP48PLumZ+Aix2Mu7hXIGXUY9M3NXSaGf8C9ykJyr4WlMEq7KS4VH0/Kw1/TB qZeSVrzE8LEdom9XadkMgqoTLNRiOqbU/LWEDgIixv85iAMmlX7E54pqp8dOkuYa R/5ld/LpZSw6WcR6vBW0WMuFSXGM7W1SUcwzn25tka/sl0GC2hGmSlOZEdKck23m 0IFfw9RLteGKZlXwIHZTVHnVyX7m7SCVmYzMw9HNobJh/mCqNlZu507IxUBj5aGC /eNhGcTYHOk5vJW46BlcmtThutQ5NZBCCs6iIOg8BdfpqQ1buos= =LCdy -----END PGP SIGNATURE-----