wesnoth (1.2.3-0ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that
can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
client and server are affected.
* debian/patches/CVE-2007-3917: added, taken from Debian.
* References: CVE-2007-3917.
LP: #158414.
* SECURITY UPDATE: Do not allow '../' in file paths. It allowed others
to view the content of files in the remote computers.
* debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904.
* References:
CVE-2007-5742.
LP: #172783.
-- Emilio Pozuelo Monfort <[EMAIL PROTECTED]> Sun, 02 Dec 2007
22:07:37 +0100
** Changed in: wesnoth (Ubuntu Feisty)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5742
--
denial of service in wesnoth client and server prior 1.2.7 release
https://bugs.launchpad.net/bugs/158414
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
