Bug#917023: CVE-2018-1000825
Hi, On Fri, Dec 21, 2018 at 04:45:05PM +0100, Moritz Muehlenhoff wrote: > Package: freecol > Severity: normal > Tags: security > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000825: > https://0dd.zone/2018/10/28/freecol-XXE/ > https://github.com/FreeCol/freecol/issues/26 This issue has been fixed upstream with https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3 . Regards, Salvatore
Bug#917023: CVE-2018-1000825
Package: freecol Severity: normal Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000825: https://0dd.zone/2018/10/28/freecol-XXE/ https://github.com/FreeCol/freecol/issues/26 This is fairly short of details and could be totally bogus; it's not really stated whether that XML data is actually something which might potentially come from an external source (e.g. someone sending you a save game file, pretty far-fetched to begin with) or whether the XML data is all game data which is shipped via the game data. Cheers, Moritz