CVE-2017-6903 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description 
The current version of ioquake3 (and its forks) receive arbitrary files from server and load them in the context of the ioq3 client. If a malicious attacker ships an arbitrary .so/openAL driver file, it will be loaded by the client process, resulting in arbitrary code execution
Group Package Affected Fixed Severity Status Ticket
AVG-227 urbanterror 2:4.3.2-2 Critical Unknown
References 
https://github.com/Barbatos/ioq3-for-UrbanTerror-4/issues/71
https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
https://github.com/Barbatos/ioq3-for-UrbanTerror-4/pull/73