Attachment 138467 Details for Bug 184434 – file.diff

[patch] file.diff

file.diff (text/plain), 1.57 KB, created by ru_M1cRO on 2013-12-02 13:50:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: ru_M1cRO

Created: 2013-12-02 13:50:00 UTC

Size: 1.57 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 335482)
>+++ vuln.xml	(working copy)
>@@ -51,6 +51,39 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+  <vuln vid="d2073237-5b52-11e3-80f7-c86000cbc6ec">
>+    <topic>openttd -- Denial of service using forcefully crashed aircrafts</topic>
>+    <affects>
>+      <package>
>+	<name>openttd</name>
>+	<range><ge>0.3.6</ge><lt>1.3.3</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>OpenTTD reports:</p>
>+	<blockquote cite="https://security.openttd.org/en/CVE-2013-6411">
>+	  <p>The problem is caused by incorrectly handling the fact that
>+	    the aircraft circling the corner airport will be outside of the bounds
>+	    of the map. In the 'out of fuel' crash code the height of the tile
>+	    under the aircraft is determined. In this case that means a tile
>+	    outside of the allocated map array, which could occasionally
>+	    trigger invalid reads.</p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2013-6411</cvename>
>+      <url>https://security.openttd.org/en/CVE-2013-6411</url>
>+      <url>http://bugs.openttd.org/task/5820</url>
>+      <url>http://vcs.openttd.org/svn/changeset/26134</url>
>+    </references>
>+    <dates>
>+      <discovery>2013-11-28</discovery>
>+      <entry>2013-11-28</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
>     <topic>monitorix -- serious bug in the built-in HTTP server</topic>
>     <affects>

Actions: View | Diff

Attachments on bug 184434: 138467