tag 453500 pending thanks * Emilio Pozuelo Monfort <[EMAIL PROTECTED]> [2007-11-29 22:42:26 CET]: > Versions prior to 1.2.7 are affected by a exploit which permits to view the > content of files in the remote computer.
No, prior to 1.2.8 and development branches prior to 1.3.12 (not yet released). 1.2.7 is affected aswell. > This is CVE-2007-5742. ... which I am pretty well aware of because it was me who requested a CVE ID for the issue. ;) The upload of 1.2.8 to unstable is sitting in the NEW queue to your requested addition of the wesnoth-all package, uploads for {old,}stable-security have been prepared and are waiting on the buildds in the meantime, too. > See: Am extremely well aware of it, you can be assured of that. Just in case, the turn_cmd removal problem won't make it through the security update, I'll try to get it through stable-proposed-updates. Furthermore, your version header was b0rked, there is no 1.2.7-2 version. But I'll have to versionize the bug properly anyway, so no worries. So long, Rhonda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]