Advisories ยป MGASA-2015-0154

Updated wesnoth packages fix CVE-2015-0844

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0844

Description

Updated wesnoth packages fix security vulnerability

A severe security vulnerability in Battle of Wesnoth's game client was found
which could allow a malicious user to obtain personal files and information
from other players in networked multiplayer games using the built-in WML/Lua
API on any platform (CVE-2015-0844).

Upstream announces that all content currently on the official Wesnoth.org
add-ons server (add-ons.wesnoth.org) has been inspected to confirm that none
of it exploits this vulnerability.
                

References

SRPMS

4/core