Accepted: tintin++ 1.97.9-2 (source)

Ubuntu Installer archive at
Tue Apr 1 01:45:22 BST 2008

 OK: tintin++_1.97.9.orig.tar.gz
 OK: tintin++_1.97.9-2.diff.gz
 OK: tintin++_1.97.9-2.dsc
     -> Component: universe Section: games

Origin: Debian/unstable
Format: 1.7
Date: Tue,  01 Apr 2008 01:37:57 +0100
Source: tintin++
Binary: tintin++
Architecture: source
Version: 1.97.9-2
Distribution: hardy
Urgency: high
Maintainer: Ana Beatriz Guerrero Lopez <ana at>
Changed-By: William Grant <william at>
 tintin++   - classic text-based MUD client
Closes: 465643
 tintin++ (1.97.9-2) unstable; urgency=high
   * Add secutity.patch fixing the following security bugs:
   - CVE-2008-0671:
     Stack-based buffer overflow in the add_line_buffer function allows 
     remote attackers to execute arbitrary code via a long chat message, 
     related to conversion from LF to CRLF.
   - CVE-2008-0672:
     The process_chat_input function allows remote attackers to cause a 
     denial of service (application crash) via a YES message without a newline 
     character, which triggers a NULL dereference.
   - CVE-2008-0673:
     TinTin++ open files on the basis of an inbound file-transfer request, before
     the user has an opportunity to decline the request, which allows remote 
     attackers to truncate arbitrary files in the top level of a home directory.
     (Closes: #465643)
   * Add quilt support for patching.
 tintin++ (1.97.9-1) unstable; urgency=low
   * New upstream release.
   * Remove broken watch file.
   * Update to debhelper 6.
   * Convert copyright file to UTF-8.
 1df9dfbabb9e8969dc97ee9ba3f5ad9c 228428 games optional tintin++_1.97.9.orig.tar.gz
 70e495765e3b8ee7113f7861135f4212 701 games optional tintin++_1.97.9-2.dsc
 84c076763b3f554e0d7dbfce30f77a85 6044 games optional tintin++_1.97.9-2.diff.gz

More information about the Hardy-changes mailing list