Debian Security Advisory

DLA-202-1 wesnoth-1.8 -- LTS security update

Date Reported:
17 Apr 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-0844.
More information:

Ignacio R. Morelle discovered that missing path restrictions in the Battle of Wesnoth game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.8.5-1+deb6u1. See DSA-3218-1 for the versions of the other releases.