[Bug 227415] New: CVE-2007-0657 - vulnerability in Nexuiz 2.2.2

Mon Feb 5 21:06:39 UTC 2007

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227415

           Summary: CVE-2007-0657 - vulnerability in Nexuiz 2.2.2
           Product: Fedora Extras
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: nexuiz
        AssignedTo: adrian at lisas.de
        ReportedBy: deisenst at gtw.net
         QAContact: extras-qa at fedoraproject.org
                CC: extras-qa at fedoraproject.org,fedora-security-
                    list at redhat.com

According to http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch,
Nexuiz 2.2.3 fixes a remote file read/write security hole:  "fix severe remote
file read/overwrite security hole in 'gamedir' command (2.2.1 was NOT affected
as the command was new in 2.2.2)."  It is CVE-2007-0657.

Although it claims 2.2.1 (the current Fedora Extras release) is not affected, we
may want to upgrade anyway?

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.