Bug 32038 - Xonotic update 0.8.6 with security fix
Summary: Xonotic update 0.8.6 with security fix
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://xonotic.org/posts/2023/xonoti...
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-06-22 15:44 CEST by psyca
Modified: 2023-06-29 06:12 CEST (History)
5 users (show)

See Also:
Source RPM: xonotic-0.8.5-1.mga9.src.rpm, xonotic-data-0.8.5-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description psyca 2023-06-22 15:44:25 CEST 
Description of problem:
Theres Xonotic 0.8.6 available with some bugfixes and new features. There was also an security bugfix : "believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code"

Changelog:
https://xonotic.org/posts/2023/xonotic-0-8-6-release/

SRPM pakages in Mageia 9:
xonotic-0.8.5-1.mga9.src.rpm and xonotic-data-0.8.5-1.mga9.src.rpm
psyca 2023-06-22 15:45:32 CEST

Source RPM: xonotic-0.8.5-1.mga9.src.rpm and xonotic-data-0.8.5-1.mga9.src.rpm => xonotic-0.8.5-1.mga9.src.rpm, xonotic-data-0.8.5-1.mga9.src.rpm

psyca 2023-06-22 16:15:35 CEST

Summary: MGA9 : Xonotic update 0.8.6 with security fix => Xonotic update 0.8.6 with security fix

psyca 2023-06-22 16:18:07 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-06-22 20:40:14 CEST 
DavidG, you have done it again! Fixed something instantly:
Jun 22 14:51:46 2023 daviddavid
- new version: 0.8.6
No choice but to hand you the bug to push on its way.

Component: RPM Packages => Security
Assignee: bugsquad => geiger.david68210
QA Contact: (none) => security

Comment 2 David GEIGER 2023-06-22 21:05:11 CEST 
Fixed for both mga8 and cauldron!

freeze_move requested for cauldron.


Assigning to QA

Packages in 8/Core/Updates_testing:
======================
xonotic-0.8.6-1.mga8
xonotic-data-0.8.6-1.mga8.noarch.rpm


From SRPMS:
xonotic-0.8.6-1.mga8.src.rpm
xonotic-data-0.8.6-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Assignee: geiger.david68210 => qa-bugs
Version: Cauldron => 8

David Walser 2023-06-23 01:27:11 CEST

CC: (none) => geiger.david68210

Comment 3 Herman Viaene 2023-06-26 11:42:36 CEST 
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Run it, go thru first settings dialogue, select single session, easy level and got killed without hitting anything. But the game itself seems to work OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 psyca 2023-06-26 14:05:04 CEST 
Played some levels from the campain. Works ok.
Multiplayer not tested.
Comment 5 Thomas Andrews 2023-06-26 14:09:25 CEST 
Always good to have even a basic test by someone familiar with the game. Thanks!

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-06-27 23:04:31 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2023-06-28 07:23:21 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0212.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 David Walser 2023-06-28 23:45:40 CEST 
It was reported on IRC that xonotic-data was not moved to updates/

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 8 Dave Hodgins 2023-06-29 04:18:36 CEST 
Sorry. My screwup.
Advisory fixed in svn. Requested the move on the sysadmin-discuss ml.
Comment 9 Thomas Backlund 2023-06-29 06:12:09 CEST 
 xonotic-data-0.8.6-1.mga8.src.rpm moved.

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.