[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
** Changed in: wesnoth (Ubuntu Dapper) Status: In Progress => Fix Released ** Changed in: wesnoth (Ubuntu Edgy) Status: In Progress => Fix Released -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
** Changed in: wesnoth (Ubuntu Edgy) Assignee: (unassigned) => Stephan Hermann (shermann) Status: New => In Progress ** Changed in: wesnoth (Ubuntu Dapper) Assignee: (unassigned) => Stephan Hermann (shermann) Status: New => In Progress -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
Edgy and Dapper are still vulnerable. I'm preparing some fixes for wesnoth regarding https://bugs.edge.launchpad.net/ubuntu/+source/wesnoth/+bug/173881, you'll find at least for edgy (and hopefully dapper) the fixes inside the debdiffs, as well the latest CVE mentioned in the bug above ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3917 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
** This bug is no longer a duplicate of bug 158414 denial of service in wesnoth client and server prior 1.2.7 release ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3917 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
*** This bug is a duplicate of bug 158414 *** https://bugs.launchpad.net/bugs/158414 ** This bug has been marked a duplicate of bug 158414 denial of service in wesnoth client and server prior 1.2.7 release -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
*** This bug is a duplicate of bug 158414 *** https://bugs.launchpad.net/bugs/158414 1.2.8 has been synced to Hardy. ** Changed in: wesnoth (Ubuntu) Status: Fix Committed => Fix Released -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
wesnoth (1.2.6-1ubuntu2.2) gutsy-security; urgency=low * SECURITY UPDATE: Do not allow '../' in file paths. It allowed others to view the content of files in the remote computers. * debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904. * References: CVE-2007-5742. LP: #172783. -- Emilio Pozuelo Monfort <[EMAIL PROTECTED]> Sun, 02 Dec 2007 21:30:03 +0100 ** Changed in: wesnoth (Ubuntu Gutsy) Status: Fix Committed => Fix Released ** Changed in: wesnoth (Ubuntu Feisty) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3917 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
wesnoth (1.2.3-0ubuntu1.1) feisty-security; urgency=low * SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth client and server are affected. * debian/patches/CVE-2007-3917: added, taken from Debian. * References: CVE-2007-3917. LP: #158414. * SECURITY UPDATE: Do not allow '../' in file paths. It allowed others to view the content of files in the remote computers. * debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904. * References: CVE-2007-5742. LP: #172783. -- Emilio Pozuelo Monfort <[EMAIL PROTECTED]> Sun, 02 Dec 2007 22:07:37 +0100 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
Thanks for preparing these! I've uploaded them to the security queue. They should be published shortly. ** Changed in: wesnoth (Ubuntu Gutsy) Importance: Undecided => High Assignee: (unassigned) => Kees Cook (keescook) Status: New => Fix Committed ** Changed in: wesnoth (Ubuntu) Status: In Progress => Triaged ** Changed in: wesnoth (Ubuntu Feisty) Importance: Undecided => High Assignee: (unassigned) => Kees Cook (keescook) Status: New => Fix Committed ** Changed in: wesnoth (Ubuntu) Status: Triaged => Fix Committed -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
The security updates are available for Gutsy and Feisty at https://launchpad.net/~pochu/+archive Please, test them and let us know whether they work fine. We need some testing to get them in the security repository. So start the game, and see that things work properly (menus, start a campaign, start multiplayer...). Thanks in advance, Emilio -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
This debdiff addresses this bug and bug #158414. ** Attachment added: "feisty.debdiff" http://launchpadlibrarian.net/10694855/feisty.debdiff -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
This is the fix: http://svn.gna.org/viewcvs/wesnoth/branches/1.2/src/serialization/preprocessor.cpp?rev=21904&view=diff&r1=21904&r2=21903&p1=branches/1.2/src/serialization/preprocessor.cpp&p2=/branches/1.2/src/serialization/preprocessor.cpp -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
This debdiff fixes the Gutsy vulnerability. -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
** Attachment added: "gutsy.debdiff" http://launchpadlibrarian.net/10694666/gutsy.debdiff -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
I've requested a sync from Debian in bug #173494 which will address the vulnerability in Hardy. -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
It's OK, don't worry. I don't really think two days will make or break a system, as it's a game. Thank you very much for your efforts. -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
I prepared this package: http://emilio.pozuelo.org/~deb/wesnoth_1.2.8-0ubuntu1.dsc But Debian has merged our changes, so we can sync their version. The problem is that it's waiting in the NEW queue, so it will take some days. -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
I'm working on this. ** Changed in: wesnoth (Ubuntu) Importance: Undecided => High Assignee: (unassigned) => Emilio Pozuelo Monfort (pochu) Status: New => In Progress -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5742 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172783] Re: wesnoth exploit allows others to view the content of files on a remote computer
I unchecked the privacy of the bug since it's a known one, and has been mentioned at least at happypenguin.org, secunia and the wesnoth forums. I considered thus that keeping this bug hidden would't contribute anything. ** Visibility changed to: Public -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs