Security Information / 2015 / Security Information -- DSA-3218-1 wesnoth-1.10

Debian Security Advisory

DSA-3218-1 wesnoth-1.10 -- security update

Date Reported:

10 Apr 2015

Affected Packages:

wesnoth-1.10

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-0844.

More information:

Ignacio R. Morelle discovered that missing path restrictions in the Battle of Wesnoth game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.

For the stable distribution (wheezy), this problem has been fixed in version 1.10.3-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.10.7-2 and in version 1:1.12.1-1 of the wesnoth-1.12 source package.

We recommend that you upgrade your wesnoth-1.10 packages.