A CVE was allocated for a security issue in openttd on November 29: http://openwall.com/lists/oss-security/2013/11/29/3 The issue is fixed upstream in 1.3.3 and there's a patch linked from the upstream advisory: http://security.openttd.org/en/CVE-2013-6411 Mageia 3 is also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Requested freeze push for Cauldron and pushed 1.3.3 to core/updates_testing for mga3. QA team, please test new release [1] for mga3. Steps to reproduce are in upstream security tracker (link in comment 0). There're also other fixes [2] in this new release. [1] openttd-1.3.3-1.mga3 [2] http://gb.binaries.openttd.org/binaries/releases/1.3.3/changelog.txt
Assignee: jani.valimaa => qa-bugs
Thanks Jani! Advisory: ======================== Updated openttd package fixes security vulnerability: A missing validation in OpenTTD before 1.3.3 allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed (CVE-2013-6411). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6411 http://openwall.com/lists/oss-security/2013/11/28/17 http://security.openttd.org/en/CVE-2013-6411 http://gb.binaries.openttd.org/binaries/releases/1.3.3/changelog.txt ======================== Updated packages in core/updates_testing: ======================== openttd-1.3.3-1.mga3 from openttd-1.3.3-1.mga3.src.rpm
Version: Cauldron => 3Whiteboard: MGA3TOO => (none)
Advisory 11852.adv committed to svn.
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
Testing complete on Mageia 3 i586 and x86_64. Someone from the sysadmin team please push 11852.adv to updates.
Keywords: (none) => validated_updateWhiteboard: advisory => advisory MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Just a reminder that this needs pushed in Cauldron first.
openttd-1.3.3-1.mga4 submitted for Cauldron.
Update pusned: http://advisories.mageia.org/MGASA-2013-0363.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED