Bug 23361 - Update candidate: godot 2.1.5 (security)
Summary: Update candidate: godot 2.1.5 (security)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-07-28 23:00 CEST by Rémi Verschelde
Modified: 2018-08-10 16:40 CEST

See Also:
Source RPM: godot-2.1.3-1.mga6
CVE:
Status comment:



Description Rémi Verschelde 2018-07-28 23:00:10 CEST
While we are getting Godot 3.x in core/backports on mga6 (bug 22771), we still provide Godot 2.x in core/release, and the latest release fixes many bugs, including security-relevant ones.

Advisory:
=========

Updated godot packages fix security vulnerability

  Fabio Alessandrelli found and fixed several security vulnerabilities in the
  marshalling code of Godot Engine, which could be used by a remote Godot client
  to cause a Denial of Service for a Godot server.

  This update to Godot 2.1.5 fixes it, as well as bringing over a year's worth
  of bug fixing, usability enhancements and features.

Reference:
 - TODO (not published upstream - i.e. by me - yet)


RPMs in core/updates_testing:
=============================

godot-2.1.5-1.mga6
godot-demos-2.1.5-1.mga6
godot-runner-2.1.5-1.mga6
godot-server-2.1.5-1.mga6


SRPM in core/updates_testing:
=============================

godot-2.1.5-1.mga6


Testing procedure:
==================

The `godot` binary (in package `godot`) is a game engine and editor, so launching it will bring up the "project manager", where a project can be created or imported.

The `godot-demos` package contains such projects, which can be imported in the project manager (they are located in /usr/share/godot/demos).

The `godot-runner` package can be tested by playing the games `minilens` or `tanks-of-freedom` which depend on it.

Comment 1 Len Lawrence 2018-07-29 12:59:31 CEST
Mageia 6, x86_64

Installed godot packages, version 2.1.3.
Tried out the godot engine, created a project tyro and imported minesweeper from demos.  Opened the godot editor - it looked functional.
Installed minilens separately and gave that a run.

Updated to version 2.1.5.1

Ran godot and opened the 'tyro' project in the editor.  Looked at 2D and 3D views and the asset library.  Imported the 2D Dungeon Generator.  Left the project there though.

Ran minilens and noted Rémi's name in the credits.  Scored 49 on the third level.  That's enough of that.  Can't be doing with running up and down ladders at my age.

Installed tanks-of-freedom and loaded it from the system menus.  Ran the demo then started a skirmish using the King-of-the-hill map.  Turned tail after a few steps - discretion is the better part of valour.

It all seems to work perfectly.

Good for 64-bits.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25

Len Lawrence 2018-07-30 13:21:10 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Thomas Backlund 2018-08-10 15:53:00 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 2 Mageia Robot 2018-08-10 16:40:02 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0333.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

