ports/161488: Upgrade OpenTTD to 1.1.3
Ilya A. Arkhipov
micro at heavennet.ru
Tue Oct 11 11:30:08 UTC 2011
>Number: 161488
>Category: ports
>Synopsis: Upgrade OpenTTD to 1.1.3
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 11 11:30:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ilya A. Arkhipov
>Release: FreeBSD 10.0-CURRENT
>Organization:
Luxoft
>Environment:
FreeBSD micro 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r226184: Mon Oct 10 12:44:23 MSK 2011 root at micro:/usr/obj/usr/src/sys/MICROKERNEL amd64
>Description:
Update OpenTTD to 1.1.3.
And add vuxml entry for:
CVE-2011-3343 -- http://security.openttd.org/en/CVE-2011-3343
CVE-2011-3342 -- http://security.openttd.org/en/CVE-2011-3342
CVE-2011-3341 -- http://security.openttd.org/en/CVE-2011-3341
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -Nru openttd_1.1.2/Makefile openttd/Makefile
--- openttd_1.1.2/Makefile 2011-10-11 14:37:42.758214257 +0400
+++ openttd/Makefile 2011-10-11 14:37:53.752211050 +0400
@@ -6,7 +6,7 @@
#
PORTNAME= openttd
-PORTVERSION= 1.1.2
+PORTVERSION= 1.1.3
CATEGORIES= games
MASTER_SITES= http://gb.binaries.openttd.org/binaries/releases/${PORTVERSION}/ \
http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \
diff -Nru openttd_1.1.2/distinfo openttd/distinfo
--- openttd_1.1.2/distinfo 2011-10-11 14:37:42.771221915 +0400
+++ openttd/distinfo 2011-10-11 14:37:57.862207711 +0400
@@ -1,2 +1,2 @@
-SHA256 (openttd-1.1.2-source.tar.xz) = 372073bd2b87c078c714176d1b75e16768a85122993ebd7a36e60aa071903b3d
-SIZE (openttd-1.1.2-source.tar.xz) = 5040364
+SHA256 (openttd-1.1.3-source.tar.xz) = 3adb21211fe02411110beaf1f447e03e8a2e9e07b5d9f92247a5b063881c8ed6
+SIZE (openttd-1.1.3-source.tar.xz) = 5165696
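Review bot: the new SHA256 and SIZE on the two added lines should be confirmed against a value obtained independently of a single download, because the MASTER_SITES entries visible in the Makefile hunk are plain http:// URLs and this distinfo record is the only integrity check the port applies to the tarball. A checksum regenerated with make makesum records whatever that one fetch returned; fetching from more than one mirror and comparing the results, or comparing with a checksum published by upstream if one is available, would close that gap before commit.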
diff -Nru vuxml_old/vuln.xml vuxml/vuln.xml
--- vuxml_old/vuln.xml 2011-10-11 15:21:55.428208767 +0400
+++ vuxml/vuln.xml 2011-10-11 15:17:53.608208879 +0400
@@ -34,6 +34,89 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9bad5ab1-f3f6-11e0-8b5c-b482fe3f522d">
+ <topic>OpenTTD -- Multiple buffer overflows in validation of external data</topic>
+ <affects>
+ <package>
+ <name>openttd</name>
+ <range><ge>0.1.0</ge><lt>1.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenTTD Team reports:</p>
+ <blockquote cite="http://security.openttd.org/en/CVE-2011-3343">
+ <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow
+ local users to cause a denial of service (daemon crash) or
+ possibly gain privileges via (1) a crafted BMP file with RLE
+ compression or (2) crafted dimensions in a BMP file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-3343</cvename>
+ <url>http://security.openttd.org/en/CVE-2011-3343</url>
+ </references>
+ <dates>
+ <discovery>2011-08-25</discovery>
+ <entry>2011-09-02</entry>
+ </dates>
+ </vuln>
+ <vuln vid="78c25ed7-f3f9-11e0-8b5c-b482fe3f522d">
+ <topic>OpenTTD -- Buffer overflows in savegame loading</topic>
+ <affects>
+ <package>
+ <name>openttd</name>
+ <range><ge>0.1.0</ge><lt>1.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenTTD Team reports:</p>
+ <blockquote cite="http://security.openttd.org/en/CVE-2011-3342">
+ <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow remote
+ attackers to cause a denial of service (daemon crash) or possibly
+ execute arbitrary code via vectors related to (1) NAME, (2) PLYR,
+ (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-3342</cvename>
+ <url>http://security.openttd.org/en/CVE-2011-3342</url>
+ </references>
+ <dates>
+ <discovery>2011-08-08</discovery>
+ <entry>2011-08-25</entry>
+ </dates>
+ </vuln>
+ <vuln vid="e77befb5-f3f9-11e0-8b5c-b482fe3f522d">
+ <topic>OpenTTD -- Denial of service via improperly validated commands</topic>
+ <affects>
+ <package>
+ <name>openttd</name>
+ <range><ge>0.3.5</ge><lt>1.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenTTD Team reports:</p>
+ <blockquote cite="http://security.openttd.org/en/CVE-2011-3341">
+ <p>Multiple off-by-one errors in order_cmd.cpp in OpenTTD before
+ 1.1.3 allow remote attackers to cause a denial of service (daemon crash)
+ or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-3341</cvename>
+ <url>http://security.openttd.org/en/CVE-2011-3341</url>
+ </references>
+ <dates>
+ <discovery>2011-08-25</discovery>
+ <entry>2011-08-26</entry>
+ </dates>
+ </vuln>
<vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">
<topic>quagga -- multiple vulnerabilities</topic>
<affects>
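Review bot: the <entry> dates in the three new <vuln> blocks (2011-09-02, 2011-08-25 and 2011-08-26) all predate this patch, whose vuln.xml timestamp is 2011-10-11. <entry> records the day the item is added to vuln.xml, so each should carry the commit date, with the upstream dates kept only in <discovery>. A smaller point on the third block: the <topic> names only denial of service, while the quoted text also says "or possibly execute arbitrary code", so the topic understates the impact described in the entry.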
>Release-Note:
>Audit-Trail:
>Unformatted: