Debian Security Advisory
DLA-202-1 wesnoth-1.8 -- LTS security update
- Date Reported:
- 17 Apr 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-0844.
- More information:
Ignacio R. Morelle discovered that missing path restrictions in the
Battle of Wesnothgame could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.
For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.8.5-1+deb6u1. See DSA-3218-1 for the versions of the other releases.