*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: wesnoth Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main) wesnoth (1:1.4.7-4) unstable; urgency=high * Upload to fix several severe problems: - Compile with --disable-python because the python AI support allowed to break out of sandbox and allowed execution of abitrary code (CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into wesnoth-data package anymore, and remove python-dev from Build-Dependencies. - Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still work after above changes. - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of wesnoth/exhausting system memory (Upstream Bug #13031) * Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS pattern in the server, which came in a bit too late for the release (CVE-2009-0366, Upstream Bug #13037) * Fix typo in wesnoth-tools package description noticed by Soliton, thanks. -- Gerfried Fuchs <rho...@debian.at> Tue, 24 Feb 2009 16:04:59 +0100 Thanks ** Affects: wesnoth (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0367 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0366 -- Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main) https://bugs.launchpad.net/bugs/335089 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs