Mageia Bugzilla – Bug 11852
openttd new security issue CVE-2013-6411
Last modified: 2013-12-06 23:03:45 CET
A CVE was allocated for a security issue in openttd on November 29:
The issue is fixed upstream in 1.3.3 and there's a patch linked from the upstream advisory:
Mageia 3 is also affected.
Steps to Reproduce:
Requested freeze push for Cauldron and pushed 1.3.3 to core/updates_testing for mga3.
QA team, please test new release  for mga3. Steps to reproduce are in upstream security tracker (link in comment 0). There're also other fixes  in this new release.
Updated openttd package fixes security vulnerability:
A missing validation in OpenTTD before 1.3.3 allows remote attackers to cause
a denial of service (crash) by forcefully crashing aircraft near the corner of
the map. This triggers a corner case where data outside of the allocated map
array is accessed (CVE-2013-6411).
Updated packages in core/updates_testing:
Advisory 11852.adv committed to svn.
Testing complete on Mageia 3 i586 and x86_64.
Someone from the sysadmin team please push 11852.adv to updates.
Just a reminder that this needs pushed in Cauldron first.
openttd-1.3.3-1.mga4 submitted for Cauldron.