Debian Security Advisory
DSA-3218-1 wesnoth-1.10 -- security update
- Date Reported:
- 10 Apr 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-0844.
- More information:
Ignacio R. Morelle discovered that missing path restrictions in the
Battle of Wesnothgame could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.
For the stable distribution (wheezy), this problem has been fixed in version 1.10.3-3+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 1:1.10.7-2 and in version 1:1.12.1-1 of the wesnoth-1.12 source package.
We recommend that you upgrade your wesnoth-1.10 packages.