*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: wesnoth

Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

 wesnoth  (1:1.4.7-4) unstable; urgency=high
   * Upload to fix several severe problems:
     - Compile with --disable-python because the python AI support allowed to
       break out of sandbox and allowed execution of arbitrary code
       (CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
       wesnoth-data package anymore, and remove python-dev from
       Build-Dependencies.
     - Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
       work after above changes.
     - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
       wesnoth/exhausting system memory (Upstream Bug #13031)
   * Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
     pattern in the server, which came in a bit too late for the release
     (CVE-2009-0366, Upstream Bug #13037)
   * Fix typo in wesnoth-tools package description noticed by Soliton, thanks.
 -- Gerfried Fuchs <rho...@debian.at>  Tue, 24 Feb 2009 16:04:59 +0100 

Thanks

** Affects: wesnoth (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0367

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0366

-- 
Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/335089
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
