Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-202-1 wesnoth-1.8

Debian Security Advisory

DLA-202-1 wesnoth-1.8 -- LTS security update

Date Reported:

17 Apr 2015

Affected Packages:

wesnoth-1.8

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-0844.

More information:

Ignacio R. Morelle discovered that missing path restrictions in the Battle of Wesnoth game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.8.5-1+deb6u1. See DSA-3218-1 for the versions of the other releases.