Updated scummvm packages fix security vulnerability
Publication date: 14 Jun 2018Modification date: 14 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17528
Description
Updated scummvm package fixes security vulnerability ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL (CVE-2017-17528). This update fixes it, and updates ScummVM to the latest 2.0.0 upstream release, adding support for 23 new games, and several bug fixes.
References
SRPMS
6/core
- scummvm-2.0.0-1.mga6