Attachment #119032 for bug #161488

View | Details | Raw Unified | Return to bug 161488
Collapse All | Expand All

Lines 6-12 Link Here

(-)openttd/Makefile (-1 / +1 lines)
6	#	6	#
7		7
8	PORTNAME= openttd	8	PORTNAME= openttd
9	PORTVERSION= 1.1.2	9	PORTVERSION= 1.1.3
10	CATEGORIES= games	10	CATEGORIES= games
11	MASTER_SITES= http://gb.binaries.openttd.org/binaries/releases/${PORTVERSION}/ \	11	MASTER_SITES= http://gb.binaries.openttd.org/binaries/releases/${PORTVERSION}/ \
12	http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \	12	http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \

Lines 1-2 Link Here

(-)openttd/distinfo (-2 / +2 lines)
1	SHA256 (openttd-1.1.2-source.tar.xz) = 372073bd2b87c078c714176d1b75e16768a85122993ebd7a36e60aa071903b3d	1	SHA256 (openttd-1.1.3-source.tar.xz) = 3adb21211fe02411110beaf1f447e03e8a2e9e07b5d9f92247a5b063881c8ed6
2	SIZE (openttd-1.1.2-source.tar.xz) = 5040364	2	SIZE (openttd-1.1.3-source.tar.xz) = 5165696





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="9bad5ab1-f3f6-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Multiple buffer overflows in validation of external data</topic>
    <affects>
      <package>
        <name>openttd</name>
        <range><ge>0.1.0</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenTTD Team reports:</p>
        <blockquote cite="http://security.openttd.org/en/CVE-2011-3343">
          <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow
          local users to cause a denial of service (daemon crash) or
          possibly gain privileges via (1) a crafted BMP file with RLE 
          compression or (2) crafted dimensions in a BMP file.</p>
        </blockquote>
      </body>
    </description>
      <references>
        <cvename>CVE-2011-3343</cvename>
        <url>http://security.openttd.org/en/CVE-2011-3343</url>
      </references>
      <dates>
        <discovery>2011-08-25</discovery>
        <entry>2011-09-02</entry>
      </dates>
  </vuln>
  <vuln vid="78c25ed7-f3f9-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Buffer overflows in savegame loading</topic>
    <affects>
      <package>
        <name>openttd</name>
        <range><ge>0.1.0</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenTTD Team reports:</p>
        <blockquote cite="http://security.openttd.org/en/CVE-2011-3342">
          <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow remote
          attackers to cause a denial of service (daemon crash) or possibly
          execute arbitrary code via vectors related to (1) NAME, (2) PLYR,
          (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.</p>
        </blockquote>
      </body>
    </description>
      <references>
        <cvename>CVE-2011-3342</cvename>
        <url>http://security.openttd.org/en/CVE-2011-3342</url>
      </references>
      <dates>
        <discovery>2011-08-08</discovery>
        <entry>2011-08-25</entry>
      </dates>
  </vuln>
  <vuln vid="e77befb5-f3f9-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Denial of service via improperly validated commands</topic>
    <affects>
      <package>
        <name>openttd</name>
        <range><ge>0.3.5</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenTTD Team reports:</p>
        <blockquote cite="http://security.openttd.org/en/CVE-2011-3341">
          <p>Multiple off-by-one errors in order_cmd.cpp in OpenTTD before
          1.1.3 allow remote attackers to cause a denial of service (daemon crash)
          or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.</p>
        </blockquote>
      </body>
    </description>
      <references>
        <cvename>CVE-2011-3341</cvename>
        <url>http://security.openttd.org/en/CVE-2011-3341</url>
      </references>
      <dates>
        <discovery>2011-08-25</discovery>
        <entry>2011-08-26</entry>
      </dates>
  </vuln>
  <vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">
    <topic>quagga -- multiple vulnerabilities</topic>
    <affects>

Return to bug 161488

Lines 34-39 Link Here

(-)vuxml/vuln.xml (+83 lines)
34		34
35	-->	35	-->
36	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	36	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		37	<vuln vid="9bad5ab1-f3f6-11e0-8b5c-b482fe3f522d">
		38	<topic>OpenTTD -- Multiple buffer overflows in validation of external data</topic>
		39	<affects>
		40	<package>
		41	<name>openttd</name>
		42	<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
		43	</package>
		44	</affects>
		45	<description>
		46	<body xmlns="http://www.w3.org/1999/xhtml">
		47	<p>The OpenTTD Team reports:</p>
		48	<blockquote cite="http://security.openttd.org/en/CVE-2011-3343">
		49	<p>Multiple buffer overflows in OpenTTD before 1.1.3 allow
		50	local users to cause a denial of service (daemon crash) or
		51	possibly gain privileges via (1) a crafted BMP file with RLE
		52	compression or (2) crafted dimensions in a BMP file.</p>
		53	</blockquote>
		54	</body>
		55	</description>
		56	<references>
		57	<cvename>CVE-2011-3343</cvename>
		58	<url>http://security.openttd.org/en/CVE-2011-3343</url>
		59	</references>
		60	<dates>
		61	<discovery>2011-08-25</discovery>
		62	<entry>2011-09-02</entry>
		63	</dates>
		64	</vuln>
		65	<vuln vid="78c25ed7-f3f9-11e0-8b5c-b482fe3f522d">
		66	<topic>OpenTTD -- Buffer overflows in savegame loading</topic>
		67	<affects>
		68	<package>
		69	<name>openttd</name>
		70	<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
		71	</package>
		72	</affects>
		73	<description>
		74	<body xmlns="http://www.w3.org/1999/xhtml">
		75	<p>The OpenTTD Team reports:</p>
		76	<blockquote cite="http://security.openttd.org/en/CVE-2011-3342">
		77	<p>Multiple buffer overflows in OpenTTD before 1.1.3 allow remote
		78	attackers to cause a denial of service (daemon crash) or possibly
		79	execute arbitrary code via vectors related to (1) NAME, (2) PLYR,
		80	(3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.</p>
		81	</blockquote>
		82	</body>
		83	</description>
		84	<references>
		85	<cvename>CVE-2011-3342</cvename>
		86	<url>http://security.openttd.org/en/CVE-2011-3342</url>
		87	</references>
		88	<dates>
		89	<discovery>2011-08-08</discovery>
		90	<entry>2011-08-25</entry>
		91	</dates>
		92	</vuln>
		93	<vuln vid="e77befb5-f3f9-11e0-8b5c-b482fe3f522d">
		94	<topic>OpenTTD -- Denial of service via improperly validated commands</topic>
		95	<affects>
		96	<package>
		97	<name>openttd</name>
		98	<range><ge>0.3.5</ge><lt>1.1.3</lt></range>
		99	</package>
		100	</affects>
101	<description>
102	<body xmlns="http://www.w3.org/1999/xhtml">
103	<p>The OpenTTD Team reports:</p>
104	<blockquote cite="http://security.openttd.org/en/CVE-2011-3341">
105	<p>Multiple off-by-one errors in order_cmd.cpp in OpenTTD before
106	1.1.3 allow remote attackers to cause a denial of service (daemon crash)
107	or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.</p>
108	</blockquote>
109	</body>
110	</description>
111	<references>
112	<cvename>CVE-2011-3341</cvename>
113	<url>http://security.openttd.org/en/CVE-2011-3341</url>
114	</references>
115	<dates>
116	<discovery>2011-08-25</discovery>
117	<entry>2011-08-26</entry>
118	</dates>
119	</vuln>
37	<vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">	120	<vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">
38	<topic>quagga -- multiple vulnerabilities</topic>	121	<topic>quagga -- multiple vulnerabilities</topic>
39	<affects>	122	<affects>