Latest release [1] in core/updates_testing fixes multiple vulnerabilities. [1] openttd-1.1.0-1.1.mga1 Proposal for advisory: ====================== This update fixes multiple vulnerabilities: CVE-2011-3343 (Multiple buffer overflows in validation of external data) CVE-2011-3342 (Buffer overflows in savegame loading) CVE-2011-3341 (Denial of service via improperly validated commands) Additional info: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343 ======================
Testing complete on i586 for the srpm openttd-1.1.0-1.1.mga1.src.rpm No poc for the cves, so just testing that the game works. Following http://wiki.openttd.org/Tutorial up to the point of creating a couple of bus stations works.
CC: (none) => davidwhodgins
# urpmi openttd In order to satisfy the 'timidity-instruments[== 2]' dependency, one of the following packages is needed: 1- timidity-patch-freepats-20060219-14.mga1.noarch: Patch set for MIDI audio synthesis (to install) 2- timidity-patch-gravis-1.0-29.mga1.noarch: Instruments for the timidity midi->wave converter/player (to install) 3- timidity-patch-fluid-3.1-6.mga1.noarch: Pro-quality General Midi soundfont in GUS patch format (to install) What is your choice? (1-3) 2 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Release") TiMidity++ 2.13.2 30.mga1 x86_64 openttd 1.1.0 1.mga1 x86_64 openttd-opengfx 0.3.3 1.mga1 noarch openttd-opensfx 0.2.3 3.mga1 noarch timidity-patch-gravis 1.0 29.mga1 noarch (medium "Core 32bit Release") openttd-openmsx 0.3.1 2.mga1 noarch 39MB of additional disk space will be used. 22MB of packages will be retrieved. Proceed with the installation of the 6 packages? (Y/n) y Updating with MagieaUpdate The following package is going to be installed: - openttd-1.1.0-1.1.mga1.x86_64 Tested OK x86_64 again with the tutorial. (Thanks Dave) Saved and loaded a game. Confirmed menu entry present. Update validated advisory: ====================== This update fixes multiple vulnerabilities: CVE-2011-3343 (Multiple buffer overflows in validation of external data) CVE-2011-3342 (Buffer overflows in savegame loading) CVE-2011-3341 (Denial of service via improperly validated commands) Additional info: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343 ====================== SRPM: openttd-1.1.0-1.1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED