ioquake/jedi-academy
0
0
Fork 0
mirror of https://github.com/ioquake/jedi-academy.git synced 2024-11-26 14:11:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
165 commits 1 branch 0 tags 15 MiB
Commit graph

5 commits

Author SHA1 Message Date
Jonathan Gray
647eeff5d3 security fix: prevent command injection via callvote 
Luigi Auriemma q3cbufexec

from Ludwig Nussel in ioquake3
svn 1493 git f5aae78481d71307a0b874b1f17ecdead1469392

security fix: prevent command injection via callvote

from Thilo Schulz in ioquake3
svn 1838 git cf791d14c58f536eec8220d93fb9af443f8837e9

- Fix bug #4769 remote server crash
 2013-05-07 22:20:02 +10:00
Jonathan Gray
eec13dc1bf buffer overflow and format string bug in auth server response processing 
from Ludwig Nussel in ioquake3
svn 1025 git 8ca8d845911fb6545bf723cade39944d874d01ea

fix buffer overflow and format string bug in auth server response
processing
 2013-05-07 22:20:02 +10:00
Jonathan Gray
85caaddab4 CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine 
CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products
including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy
Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload
cvar is enabled, allows remote attackers to read arbitrary files from
the server via ".." sequences in a .pk3 file request.

from Thilo Schulz in ioquake3
svn 777 git 60293f49ee8c665673202e80ecd103f13a9fa6ab

Fix bug that permits download of arbitrary files from a download enabled
server by checking requested file name against the list of loaded pk3
files. See CVE-2006-2082
 2013-05-07 22:18:44 +10:00
Jonathan Gray
039ef2cb4a ditch dos style newlines 2013-04-23 15:21:39 +10:00
James Monroe
684d1bcb3b Jedi Academy Release 2013-04-04 17:35:38 -05:00