[netrek-dev] netrek-server-vanilla-2.12.1 released [SECURITY]

Fri Mar 2 02:13:42 CST 2007

netrek-server-vanilla 2.12.1 was released.

http://quozl.linux.org.au/netrek/
9ae1eafabbe7228625509c5690374559  netrek-server-vanilla-2.12.1.tar.gz

Packages for i386 Debian Etch also present.

Summary of changes:
- fixes format string security vulnerability when EVENTLOG=1

Patch attached.

Our thanks to Luigi Auriemma for reporting the vulnerability.  A
reproducer was supplied.  Severity is low, since EVENTLOG is shipped as
0 in docs/sample_sysdef.in.

If you have a question, please review the patch first, before you write.

-- 
James Cameron    mailto:quozl at us.netrek.org     http://quozl.netrek.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netrek-server-vanilla-2.12.0-format-string.patch
Type: text/x-diff
Size: 6016 bytes
Desc: not available
Url : http://mailman.us.netrek.org/pipermail/netrek-dev/attachments/20070302/a5ed68c9/attachment.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.us.netrek.org/pipermail/netrek-dev/attachments/20070302/a5ed68c9/attachment.pgp 