Advisories » MGASA-2015-0154

Updated wesnoth packages fix CVE-2015-0844

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0844

Description

Updated wesnoth packages fix security vulnerability

A severe security vulnerability in Battle of Wesnoth's game client was found
which could allow a malicious user to obtain personal files and information
from other players in networked multiplayer games using the built-in WML/Lua
API on any platform (CVE-2015-0844).

Upstream announces that all content currently on the official Wesnoth.org
add-ons server (add-ons.wesnoth.org) has been inspected to confirm that none
of it exploits this vulnerability.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15685
• http://forums.wesnoth.org/viewtopic.php?t=41872
• https://github.com/wesnoth/wesnoth/commit/af61f9fdd15cd439da9e2fe5fa39d174c923eaae
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0844

SRPMS

4/core

• wesnoth-1.10.7-2.1.mga4