Bugzilla – Bug 1010834
VUL-0: CVE-2016-9400: teeworlds-client: possible remote code execution
Last modified: 2017-08-05 10:17:07 UTC
Reference: http://seclists.org/oss-sec/2016/q4/440 =================================================== Hi teeworlds, a online multi-player platform 2D shooter, released a new upstream version 0.6.4 stating the following in the news: 0.6.4 released - another security fix (posted by: heinrich5991) | 2016-11-13 As with the 0.6.3 release, a reported security vulnerability motivated this release: This time, the security vulnerability is worse, attacker controlled memory-writes and possibly arbitrary code execution on the client, abusable by any server the client joins. https://www.teeworlds.com/?page=news&id=12086 Upstream fix: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 Bug report in Debian: https://bugs.debian.org/844546 Could you assign a CVE for this issue? Regards, Salvatore =================================================== Due to https://software.opensuse.org/package/teeworlds 0.6.3 is being in use now.
games/teeworlds, not in the distribution
bugbot adjusting priority
Fixed 2016-11-20 in games repository: https://build.opensuse.org/request/show/441065 Never was an issue in distribution, as first version in factory was 0.6.4.