Advisories » MGASA-2015-0283

Updated wesnoth packages fix security vulnerability

Publication date: 27 Jul 2015
Modification date: 27 Jul 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5069 , CVE-2015-5070

Description

Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for
Wesnoth game up to version 1.12.2 included could lead to client-side
authentication information disclosure using maliciously crafted files
with the .pdb extension (CVE-2015-5069, CVE-2015-5070).

This issue has been fixed in version 1.12.4, which also provides a number of
engine and gameplay-related bug fixes. See the referenced code and player
changelogs for a detailed listing.
                

References

SRPMS

5/core