-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3812-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ioquake3 CVE ID : CVE-2017-6903 It was discovered that ioquake3, a modified version of the ioQuake3 game engine performs insufficent restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings including driver settings. For the stable distribution (jessie), this problem has been fixed in version 1.36+u20140802+gca9eebb-2+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 1.36+u20161101+dfsg1-2. We recommend that you upgrade your ioquake3 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljNMJ8ACgkQEMKTtsN8 Tjb7wQ/9EJtsu/03J6vhNqgJ2lnhebdY/uN1EWxugHobleZLGzERvpA5S8o1+zVP ysCKeIKe88Yb02ZBVYIabfK5TR7eOzvNKs/wJG0Nst7LUmPsDQMEyNreVgJEyr8S uDOrHMWuHWmTzZxZzHhX0zPw0MiCl/woR5Mh0NBOhuq40X4wKuve/jtXD7Y501vg lRzlrAwfO+rSULnL96IvKyBqMCxQK3QyXHHXWlN9yaf3JqJD5zSDHX6xJdFOgGPo BzawGi8PJb4ZouhgVNhxWdP+hGzn4UijephDgsLC0vgBKMdqG68Gg9yohBuap9to p3y00CT0MdjXEouRA750BCQWGCE5E3f9JNjzWOgs23IGxZKzVBUIy0z8Td5Ilbhc U7MnDcTJcXo1MWbDwJ1FDGHK1GoSR8ffl7azlo24TistBdkw8WUOvJesSDgmGWE9 9PNPC66L8ntpJJMSRnjrPcdQHq9bYZG8t3mC4AW3uQRLbxAPSYGVzZykTPXKOSDv B4E5CNRVcExyXFy0wZCmpH82IQXzlfOZeT0GysdXYABnoyd0E5BKWFqJwY3aRUe/ tSK28NfVlO6nXz+FuJxvXzKRtjv2H8YsQd5EQqlfsrI3iB9jlbszKCfYsi8SxcK3 UfDR6kKRKVgmZdJ3NmnO9EVaqE+bqsu0Q/ehGZHnBnDuTEjhDoE= =Omka -----END PGP SIGNATURE-----
