Gerfried Fuchs wrote:
> tag 453500 pending
> thanks
>
> * Emilio Pozuelo Monfort <[EMAIL PROTECTED]> [2007-11-29 22:42:26 CET]:
>> Versions prior to 1.2.7 are affected by an exploit which permits to view the
>> content of files in the remote computer.
>
> No, prior to 1.2.8 and development branches prior to 1.3.12 (not yet
> released). 1.2.7 is affected as well.
Right, I was thinking of 1.2.8 but wrote 1.2.7! Probably because of the
pseudo-header...
>
>> This is CVE-2007-5742.
>
> ... which I am pretty well aware of because it was me who requested a
> CVE ID for the issue. ;)
lol, didn't know that :-)
>
> The upload of 1.2.8 to unstable is sitting in the NEW queue to your
> requested addition of the wesnoth-all package, uploads for
> {old,}stable-security have been prepared and are waiting on the buildds
> in the meantime, too.
>
>> See:
>
> Am extremely well aware of it, you can be assured of that. Just in
> case, the turn_cmd removal problem won't make it through the security
> update, I'll try to get it through stable-proposed-updates. Furthermore,
> your version header was b0rked, there is no 1.2.7-2 version. But I'll
> have to versionize the bug properly anyway, so no worries.
Oh, I forgot the epoch... sorry for that!
Thanks a lot for your work,
Emilio
>
> So long,
> Rhonda
>

