Package: freecol
Severity: normal
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000825:
https://0dd.zone/2018/10/28/freecol-XXE/
https://github.com/FreeCol/freecol/issues/26

This is fairly short of details and could be totally bogus; it's not really
stated whether that XML data is actually something which might potentially
come from an external source (e.g. someone sending you a save game file,
pretty far-fetched to begin with) or whether the XML data is all game data
which is shipped via the game data.

Cheers,
        Moritz
          

Reply via email to