wesnoth (1.2.3-0ubuntu1.1) feisty-security; urgency=low * SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth client and server are affected. * debian/patches/CVE-2007-3917: added, taken from Debian. * References: CVE-2007-3917. LP: #158414.
* SECURITY UPDATE: Do not allow '../' in file paths. It allowed others to view the content of files in the remote computers. * debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904. * References: CVE-2007-5742. LP: #172783. -- Emilio Pozuelo Monfort <[EMAIL PROTECTED]> Sun, 02 Dec 2007 22:07:37 +0100 -- wesnoth exploit allows others to view the content of files on a remote computer https://bugs.launchpad.net/bugs/172783 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs