buffer overrun through UDP input

Here's a debdiff of the sources in Raring.

I have built this package in sbuild for Raring and it compiles successfully. I was able to install the base flightgear and simgear packages in Raring and was able to upgrade to the built debs.

The attachment "debdiff of Simgear Raring" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Here is the debdiff of flightgear sources for Raring.

Flightgear FTBFS (even without this debdiff), most likely due to the changes in 2.6.0-3ubuntu1. Until those changes are reverted, flightgear will continue to FTBFS. Note that the libs-underlinkage.patch that was added in that change is not present in Quantal, which also uses 2.6.0.

Correction: 2.6.0-3ubuntu1 refers to simgear 2.6.0-3ubuntu1.

http://paste.ubuntu.com/6298101/

The above patch fixes the FTBFS, should be able to be uploaded along with the security update.

Do I need to update my patch and combine the FTBFS fix?

Saikrishna, no, I've got your fixes merged with Adam's fixes building on my laptop right now, if the end results look good I'll release them later tonight.

Thanks, both of you.

This bug was fixed in the package flightgear - 2.6.0-1ubuntu1

---------------
flightgear (2.6.0-1ubuntu1) raring-security; urgency=low

  * SECURITY UPDATE: buffer overrun via the rotor tag in an aircraft XML model
    (LP: #1243969)
    - debian/patches/CVE-2012-2091.patch: use snprintf(), and read in only
      256 bytes at most.
    - CVE 2012-2091
    - Prepared by Saikrishna Arcot <email address hidden>
  * Add pthread to SIMGEAR_CORE_LIBRARY_DEPENDENCIES to fix FTBFS.
    - Prepared by Adam Conrad <email address hidden>
 -- Seth Arnold <email address hidden> Thu, 24 Oct 2013 18:46:02 -0800

This bug was fixed in the package simgear - 2.6.0-3ubuntu1.1

---------------
simgear (2.6.0-3ubuntu1.1) raring-security; urgency=low

  * SECURITY UPDATE: buffer overrun through UDP input (LP: #1243969)
    - debian/patches/CVE-2012-2091.patch: ensure that the length of what is
      being read in is less than the maximum, and ensure that the length of
      the message or the maximum length is read in.
    - CVE 2012-2091
 -- Saikrishna Arcot <email address hidden> Tue, 22 Oct 2013 13:14:53 -0400

Thanks Saikrishna!

(Why is it I only notice things like a missing "-" in "CVE 2012-2091" after it's too late to fix them?)

I should have probably mentioned this needs to be applied to Quantal and Precise as well. I'll need to create new bugs for those, correct?

I think that's normally handled via "nominate for series" link, but it appears I don't have privileges to do so. Thanks for the confirmation that Quantal and Precise still need fixing.

Precise is EoL, removing task.