[patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.

Fix: Patch was attached or there: http://m1cro.tk/ports/security/vuxml/vuxml_openttd-1.3.3.patch

Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->ports-secteam
Over to maintainer (via the GNATS Auto Assign Tool)
Author: danfe Date: Tue Dec 3 06:28:03 2013 New Revision: 335546 URL: http://svnweb.freebsd.org/changeset/ports/335546 Log: Update to version 1.3.3, which fixes an important crashy bug: denial of service (server) using forcefully crashed aircrafts. While here, reduce the diffs between other OpenTTD's VuXML entries; and limit build logs verbosity to bulk package builders (or batch builds). PR: ports/184434, ports/184435 Submitted by: Ilya A. Arkhipov Security: CVE-2013-6411 Modified: head/games/openttd/Makefile head/games/openttd/distinfo head/security/vuxml/vuln.xml Modified: head/games/openttd/Makefile ============================================================================== --- head/games/openttd/Makefile Tue Dec 3 02:37:51 2013 (r335545) +++ head/games/openttd/Makefile Tue Dec 3 06:28:03 2013 (r335546) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openttd -PORTVERSION= 1.3.2 +PORTVERSION= 1.3.3 CATEGORIES= games MASTER_SITES= http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \ http://us.binaries.openttd.org/binaries/releases/${PORTVERSION}/ @@ -21,7 +21,10 @@ USE_XZ= yes HAS_CONFIGURE= yes CONFIGURE_ENV= STRIP="${STRIP_CMD} ${STRIP}" CONFIGURE_ARGS= --prefix-dir="${PREFIX}" --data-dir="${DATADIR_REL}" -MAKE_ARGS= VERBOSE=1 # We want to see what's going on + +.if defined(BATCH) || defined(PACKAGE_BUILDING) +MAKE_ARGS= VERBOSE=1 +.endif WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} CXXFLAGS= # Set to empty as OpenTTD treats it as an addition to CFLAGS Modified: head/games/openttd/distinfo ============================================================================== --- head/games/openttd/distinfo Tue Dec 3 02:37:51 2013 (r335545) +++ head/games/openttd/distinfo Tue Dec 3 06:28:03 2013 (r335546) 
@@ -1,2 +1,2 @@ -SHA256 (openttd-1.3.2-source.tar.xz) = f6efc0cd0c4f4315a98844c331acc2e02322d5671ec376b9f0a11795b0eb270b -SIZE (openttd-1.3.2-source.tar.xz) = 6347104 +SHA256 (openttd-1.3.3-source.tar.xz) = 6991ed2c0170481800c3a92a1b43546821a658de91d3ac7efe868588387eca5d +SIZE (openttd-1.3.3-source.tar.xz) = 6370128 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Dec 3 02:37:51 2013 (r335545) +++ head/security/vuxml/vuln.xml Tue Dec 3 06:28:03 2013 (r335546) @@ -51,6 +51,39 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d2073237-5b52-11e3-80f7-c86000cbc6ec"> + <topic>OpenTTD -- Denial of service using forcefully crashed aircrafts</topic> + <affects> + <package> + <name>openttd</name> + <range><ge>0.3.6</ge><lt>1.3.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenTTD Team reports:</p> + <blockquote cite="https://security.openttd.org/en/CVE-2013-6411"> + <p>The problem is caused by incorrectly handling the fact that + the aircraft circling the corner airport will be outside of the + bounds of the map. In the 'out of fuel' crash code the height + of the tile under the aircraft is determined. In this case + that means a tile outside of the allocated map array, which + could occasionally trigger invalid reads.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-6411</cvename> + <url>https://security.openttd.org/en/CVE-2013-6411</url> + <url>http://bugs.openttd.org/task/5820</url> + <url>http://vcs.openttd.org/svn/changeset/26134</url> + </references> + <dates> + <discovery>2013-11-28</discovery> + <entry>2013-11-28</entry> + </dates> + </vuln> + <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d"> <topic>monitorix -- serious bug in the built-in HTTP server</topic> <affects> 
@@ -12132,7 +12165,7 @@ executed in your Internet Explorer while </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>OpenTTD reports:</p> + <p>The OpenTTD Team reports:</p> <blockquote cite="http://security.openttd.org/en/CVE-2012-3436"> <p>Denial of service (server) using ships on half tiles and landscaping.</p> @@ -28394,7 +28427,7 @@ executed in your Internet Explorer while </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>OpenTTD project reports:</p> + <p>The OpenTTD Team reports:</p> <blockquote cite="http://security.openttd.org/en/CVE-2010-2534"> <p>When multiple commands are queued (at the server) for execution in the next game tick and an client joins the server can get into
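Review bot: In the head/games/openttd/Makefile hunk at -21,7, the new `.if defined(BATCH) || defined(PACKAGE_BUILDING)` block replaces a line that carried an explanatory comment, and nothing in the Makefile now says why verbose output is limited to batch and package builds. A one-line comment above the `.if` would record the intent that currently lives only in the commit log. Inside the block, `MAKE_ARGS= VERBOSE=1` is a plain assignment; `MAKE_ARGS+= VERBOSE=1` would not discard anything later added to MAKE_ARGS above it. Interactive builds are also quiet after this change, so a build failure reported by a user will carry less compiler output than before.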
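Review bot: In the new head/security/vuxml/vuln.xml entry (hunk at -51,6), `<entry>2013-11-28</entry>` predates this commit, which is dated 2013-12-03. `<entry>` records the day the entry was added to vuln.xml, so it should carry the commit date, while `<discovery>2013-11-28</discovery>` can stay as it is. As written, the entry claims to have been available to audit tools five days before it was.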
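Review bot: The vuln.xml hunks at -12132,7 and -28394,7 only reword the attribution line of the CVE-2012-3436 and CVE-2010-2534 entries, which is unrelated to the CVE-2013-6411 fix; committing that cleanup separately would keep the security change minimal and easier to audit or merge. If the cleanup stays here, note that both older entries still cite `http://security.openttd.org/...` in their blockquote while the new entry cites `https://security.openttd.org/...`, so the entries remain inconsistent on that point.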
State Changed From-To: open->closed
Committed as part of r335546, thanks for your submission!