1.9.0beta5.2 Released
<i>This post was originally made by <b>Yagisan</b> on the dengDevs blog. It was posted under the categories: Beta 5, Blog, Engine, Games, jDoom, jHeretic, jHexen, Mac OS X, Platforms, Releases, Unix/Linux, Version 1.9, Windows.</i>
<strong>This is an URGENT SECURITY UPDATE. I'd like to thank Mrs Yagisan and My Little Yagisans' for understanding why daddy disappeared this weekend, so you lot don't get nigerian scammers hijacking your pcs.</strong>
Download here: <a href="http://sourceforge.net/project/showfiles.php?group_id=74815&package_id=75784&release_id=540048">Doomsday 1.9.0-beta5.2</a>
You SHOULD update as soon as binaries are available for your platform. <em>That should be after DaniJ and/or Skyjake see this post...</em>
Changes From 1.9.0beta5.1
<ul>
<li>Attempt to fix CVE-2007-4643 by discarding all runt packets. Luigi Auriemma's exploit 3 fails against this patch.</li>
<li>Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 1 D_NetPlayerEvent global buffer-overflow using PKT_CHAT and exploit 2 Msg_Write global buffer-overflow through PKT_CHAT no longer effective.</li>
<li>Block off other possible msgBuff overflow vectors - no known exploits for these - yet</li>
<li>Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 4 static buffer-overflow in NetSv_ReadCommands no longer effective.</li>
<li>Attempt to fix CVE-2007-4642 - undelimited strcpy in PKT_CHAT - no known exploits of this.</li>
<li>Includes Missing CMakeLists.txt that should have been in 1.9.0beta5.1</li>
</ul>
I wrote all the patches going in here, so if somethings goes wrong with networking now - post a bug report.
<strong>This is an URGENT SECURITY UPDATE. I'd like to thank Mrs Yagisan and My Little Yagisans' for understanding why daddy disappeared this weekend, so you lot don't get nigerian scammers hijacking your pcs.</strong>
Download here: <a href="http://sourceforge.net/project/showfiles.php?group_id=74815&package_id=75784&release_id=540048">Doomsday 1.9.0-beta5.2</a>
You SHOULD update as soon as binaries are available for your platform. <em>That should be after DaniJ and/or Skyjake see this post...</em>
Changes From 1.9.0beta5.1
<ul>
<li>Attempt to fix CVE-2007-4643 by discarding all runt packets. Luigi Auriemma's exploit 3 fails against this patch.</li>
<li>Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 1 D_NetPlayerEvent global buffer-overflow using PKT_CHAT and exploit 2 Msg_Write global buffer-overflow through PKT_CHAT no longer effective.</li>
<li>Block off other possible msgBuff overflow vectors - no known exploits for these - yet</li>
<li>Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 4 static buffer-overflow in NetSv_ReadCommands no longer effective.</li>
<li>Attempt to fix CVE-2007-4642 - undelimited strcpy in PKT_CHAT - no known exploits of this.</li>
<li>Includes Missing CMakeLists.txt that should have been in 1.9.0beta5.1</li>
</ul>
I wrote all the patches going in here, so if somethings goes wrong with networking now - post a bug report.