Launchpad has imported 3 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=846368.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-08-07T15:05:04+00:00 Vincent wrote: A flaw was found in the way Red Eclipse handled config files. In cube2-engine games, game maps can be transmitted either from the server to a client, or from client to client. These maps include a config file (mapname.cfg) in "cubescript" format, which allows for an attacker to send a malicious script via a new map. This map must either be chosen by an administrator on the server, or created in co-operative editing mode. A malicious script could then be used to read or write to any files that the user running the client has access to when the victim loads a map with the malicious configuration file. This has been corrected upstream: https://sourceforge.net/apps/trac/redeclipse/changeset/3764 Reply at: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148/comments/0 ------------------------------------------------------------------------ On 2012-08-07T15:09:32+00:00 Vincent wrote: Created redeclipse tracking bugs for this issue Affects: fedora-17 [bug 846372] Reply at: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148/comments/1 ------------------------------------------------------------------------ On 2012-08-19T00:26:09+00:00 Fedora wrote: redeclipse-1.2-12.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148/comments/9 ** Changed in: redeclipse (Fedora) Status: Unknown => Fix Released ** Changed in: redeclipse (Fedora) Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1034148 Title: redeclipse: security issues with transmitted map cfgs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
