Package: freecol
Severity: normal
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000825:
https://0dd.zone/2018/10/28/freecol-XXE/
https://github.com/FreeCol/freecol/issues/26
This is fairly short of details and could be totally bogus; it's not really
stated whether that XML data is actually something which might potentially
come from an external source (e.g. someone sending you a save game file,
pretty far-fetched to begin with) or whether the XML data is all game data
which is shipped via the game data.
Cheers,
Moritz
