Red Hat Bugzilla – Bug 227415
CVE-2007-0657 - vulnerability in Nexuiz 2.2.2
Last modified: 2007-11-30 17:11:56 EST
According to http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch,
Nexuiz 2.2.3 fixes a remote file read/write security hole: "fix severe remote
file read/overwrite security hole in 'gamedir' command (2.2.1 was NOT affected
as the command was new in 2.2.2)." It is CVE-2007-0657.
Although it claims 2.2.1 (the current Fedora Extras release) is not affected, we
may want to upgrade anyway?

We discussed this a few days ago in PM with Adrian, and he said he'd take a look
at bumping to 2.2.3 sometime; 2.2.2 will not be shipped.
Given the above plan and non-affectedness of 2.2.1, this CVE is already marked
as "ignore" in the CVS audit files -> removing security keyword and list from Cc.

Notice that there are also these 2 CVEs against nexuiz:
[ 1 ] CVE-2006-6609
[ 2 ] CVE-2006-6610
Both of which (according to the Gentoo advisory) are fixed in 2.2.2, thus we
should upgrade to either 2.2.2 or 2.2.3 ASAP.

Both CVEs (6609 and 6610) are fixed with 2.2.1.

Released 2.2.3 for FC-5, FC-6 and devel.