Chat on our Discord Server
Get the latest version: 3.2Source Code
| Anonymous | Login | Signup for a new account | 2025-06-15 13:48 UTC |  |
| My View | View Issues | Change Log | Roadmap | Doomseeker Issue Support Ranking | Rules | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0003665 | Doomseeker | [All Projects] Documentation | public | 2019-06-21 21:11 | 2020-01-30 12:58 | ||||
| Reporter | WubTheCaptain | ||||||||
| Assigned To | |||||||||
| Priority | high | Severity | feature | Reproducibility | N/A | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 1.1 | ||||||||
| Target Version | 1.3 | Fixed in Version | 1.3.1 | ||||||
| Summary | 0003665: Missing CVE Identifier for issue 0003660 (remote denial of service in SRB2 engine plugin) | ||||||||
| Description | Pertaining to Doomseeker 1.3 changelogs, I'd like to include a CVE Identifier to refer to the remote denial of service bug in SRB2 engine. I haven't requested one, but intend to do so. | ||||||||
| Steps To Reproduce | See relationships of this issue. | ||||||||
| Additional Information | A vulnerability was found in Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive), distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in Doomseeker 1.3 release with source code patches to the SRB2 plugin (EP_Version 12). References:
| ||||||||
| Attached Files |  CVE Request 712592 for CVE ID Request.eml [^] (8,454 bytes) 2019-06-21 22:21 | ||||||||
 Relationships |
 Notes |
|
 (0020796)WubTheCaptain (reporter) 2019-06-21 21:24 |
As far as I know, the SRB2 engine was released with Doomseeker 1.1. The vulnerability was fixed with two commits: b9a90f1f56e704c5cbeefe83da2f9ce939920278 and ae456aac888cb794ea3292f7f99cb87d6b22a555's change to src/plugins/srb2/srb2masterclient.cpp. If Zalewa has an intention to release a Doomseeker 1.3 beta channel update, I can reference that as a version number where the bug is first fixed (for affected versions). |
|
(0020797) WubTheCaptain (reporter) 2019-06-21 22:19 |
CVE ID requested, waiting. |
|
(0020811) WubTheCaptain (reporter) 2019-06-23 02:49 |
Quote from WubTheCaptain I am still waiting for a response, which may take until early next week (Monday-ish?). |
|
(0020830) WubTheCaptain (reporter) 2019-06-24 22:15 |
Nothing to report yet. I'll give it few more days. |
|
(0020844) WubTheCaptain (reporter) 2019-06-28 17:47 edited on: 2019-06-28 17:47 |
Use CVE-2019-12968. (Someone acknowledge this issue by setting its status to resolved, thanks!) |
|
(0020925) WubTheCaptain (reporter) 2019-07-28 01:52 |
Reopening. This didn't make it to the changelogs of Doomseeker 1.3 stable release. What do? |
 (0020927)Pol M (developer) 2019-07-28 17:34 edited on: 2019-07-28 19:41 |
PR EDIT: pushed. |
|
(0020930) WubTheCaptain (reporter) 2019-07-29 01:05 |
suspending until we have a tag for new target version/fixed in version |
|
Notes |
|
This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why. |
|
| Supporters: | No one explicitly supports this issue yet. |
| Opponents: | No one explicitly opposes this issue yet. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2019-06-21 21:11 | WubTheCaptain | New Issue | |
| 2019-06-21 21:11 | WubTheCaptain | Status | new => assigned |
| 2019-06-21 21:11 | WubTheCaptain | Assigned To | => WubTheCaptain |
| 2019-06-21 21:11 | WubTheCaptain | Relationship added | child of 0003660 |
| 2019-06-21 21:24 | WubTheCaptain | Note Added: 0020796 | |
| 2019-06-21 21:51 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-21 21:52 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-21 21:54 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-21 21:55 | WubTheCaptain | Steps to Reproduce Updated | View Revisions |
| 2019-06-21 21:55 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-21 22:19 | WubTheCaptain | Note Added: 0020797 | |
| 2019-06-21 22:19 | WubTheCaptain | Status | assigned => needs review |
| 2019-06-21 22:21 | WubTheCaptain | File Added: CVE Request 712592 for CVE ID Request.eml | |
| 2019-06-21 22:24 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-21 22:37 | WubTheCaptain | Product Version | 1.2 => 1.1 |
| 2019-06-22 06:36 | Filystea | Note Added: 0020798 | |
| 2019-06-22 10:28 | WubTheCaptain | Note Deleted: 0020798 | |
| 2019-06-22 11:29 | WubTheCaptain | Additional Information Updated | View Revisions |
| 2019-06-23 02:49 | WubTheCaptain | Note Added: 0020811 | |
| 2019-06-24 22:15 | WubTheCaptain | Note Added: 0020830 | |
| 2019-06-28 17:47 | WubTheCaptain | Note Added: 0020844 | |
| 2019-06-28 17:47 | WubTheCaptain | Assigned To | WubTheCaptain => |
| 2019-06-28 17:47 | WubTheCaptain | Status | needs review => needs testing |
| 2019-06-28 17:47 | WubTheCaptain | Note Edited: 0020844 | View Revisions |
| 2019-06-28 20:45 | Filystea | Note Added: 0020845 | |
| 2019-06-30 05:46 | Zalewa | Status | needs testing => resolved |
| 2019-06-30 05:46 | Zalewa | Fixed in Version | => 1.3 |
| 2019-06-30 05:46 | Zalewa | Resolution | open => fixed |
| 2019-06-30 05:46 | Zalewa | Assigned To | => Zalewa |
| 2019-06-30 05:49 | Zalewa | Note Deleted: 0020845 | |
| 2019-07-28 01:52 | WubTheCaptain | Note Added: 0020925 | |
| 2019-07-28 01:52 | WubTheCaptain | Status | resolved => new |
| 2019-07-28 01:52 | WubTheCaptain | Resolution | fixed => reopened |
| 2019-07-28 01:52 | WubTheCaptain | Fixed in Version | 1.3 => |
| 2019-07-28 01:52 | WubTheCaptain | Target Version | 1.3 => |
| 2019-07-28 17:19 | Pol M | Assigned To | Zalewa => Pol M |
| 2019-07-28 17:19 | Pol M | Status | new => assigned |
| 2019-07-28 17:34 | Pol M | Note Added: 0020927 | |
| 2019-07-28 17:34 | Pol M | Status | assigned => needs review |
| 2019-07-28 19:41 | Pol M | Note Edited: 0020927 | View Revisions |
| 2019-07-28 19:42 | Pol M | Status | needs review => resolved |
| 2019-07-28 19:42 | Pol M | Fixed in Version | => 1.3 |
| 2019-07-28 19:42 | Pol M | Resolution | reopened => fixed |
| 2019-07-29 01:05 | WubTheCaptain | Note Added: 0020930 | |
| 2019-07-29 01:05 | WubTheCaptain | Assigned To | Pol M => |
| 2019-07-29 01:05 | WubTheCaptain | Resolution | fixed => suspended |
| 2019-07-29 01:05 | WubTheCaptain | Fixed in Version | 1.3 => |
| 2019-08-01 05:00 | WubTheCaptain | Target Version | => 1.3.3 |
| 2019-08-01 05:01 | WubTheCaptain | Resolution | suspended => fixed |
| 2019-08-01 05:01 | WubTheCaptain | Fixed in Version | => 1.3.3 |
| 2019-08-01 05:01 | WubTheCaptain | Target Version | 1.3.3 => 1.3 |
| 2020-01-27 20:35 | WubTheCaptain | Fixed in Version | 1.3.3 => 1.3.1 |
| 2020-01-30 12:58 | WubTheCaptain | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2025 MantisBT Team |
 |
ZDoom
Doom Wiki
id Software
Doomworld
Odamex
Doomseeker
Internet Doom Explorer
The Sentinel's Playground Servers