Bug 4044 - Update request for openttd
Summary: Update request for openttd
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-01-06 17:10 CET by Jani Välimaa
Modified: 2012-01-09 15:37 CET (History)
3 users (show)

See Also:
Source RPM: openttd-1.1.0-1.1.mga1
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jani Välimaa 2012-01-06 17:10:24 CET 
Latest release [1] in core/updates_testing fixes multiple vulnerabilities.

[1] openttd-1.1.0-1.1.mga1

Proposal for advisory:
======================
This update fixes multiple vulnerabilities:

CVE-2011-3343 (Multiple buffer overflows in validation of external data)
CVE-2011-3342 (Buffer overflows in savegame loading)
CVE-2011-3341 (Denial of service via improperly validated commands)

Additional info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343
======================
Comment 1 Dave Hodgins 2012-01-06 21:26:30 CET 
Testing complete on i586 for the srpm
openttd-1.1.0-1.1.mga1.src.rpm

No poc for the cves, so just testing that the game works.
Following http://wiki.openttd.org/Tutorial up to the point of creating
a couple of bus stations works.

CC: (none) => davidwhodgins

Comment 2 claire robinson 2012-01-09 12:46:03 CET 
# urpmi openttd
In order to satisfy the 'timidity-instruments[== 2]' dependency, one of the following packages is needed:
 1- timidity-patch-freepats-20060219-14.mga1.noarch: Patch set for MIDI audio synthesis (to install)
 2- timidity-patch-gravis-1.0-29.mga1.noarch: Instruments for the timidity midi->wave converter/player (to install)
 3- timidity-patch-fluid-3.1-6.mga1.noarch: Pro-quality General Midi soundfont in GUS patch format (to install)
What is your choice? (1-3) 2
To satisfy dependencies, the following packages are going to be installed:
   Package                        Version      Release       Arch
(medium "Core Release")
  TiMidity++                     2.13.2       30.mga1       x86_64
  openttd                        1.1.0        1.mga1        x86_64
  openttd-opengfx                0.3.3        1.mga1        noarch
  openttd-opensfx                0.2.3        3.mga1        noarch
  timidity-patch-gravis          1.0          29.mga1       noarch
(medium "Core 32bit Release")
  openttd-openmsx                0.3.1        2.mga1        noarch
39MB of additional disk space will be used.
22MB of packages will be retrieved.
Proceed with the installation of the 6 packages? (Y/n) y

Updating with MagieaUpdate

The following package is going to be installed:

- openttd-1.1.0-1.1.mga1.x86_64

Tested OK x86_64 again with the tutorial. (Thanks Dave)

Saved and loaded a game. Confirmed menu entry present.

Update validated

advisory:
======================
This update fixes multiple vulnerabilities:

CVE-2011-3343 (Multiple buffer overflows in validation of external data)
CVE-2011-3342 (Buffer overflows in savegame loading)
CVE-2011-3341 (Denial of service via improperly validated commands)

Additional info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343
======================

SRPM: openttd-1.1.0-1.1.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All

Comment 3 Thomas Backlund 2012-01-09 15:37:05 CET 
update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.