Updated wesnoth packages fix security vulnerability
Publication date: 27 Jul 2015Modification date: 27 Jul 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5069 , CVE-2015-5070
Description
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for
Wesnoth game up to version 1.12.2 included could lead to client-side
authentication information disclosure using maliciously crafted files
with the .pdb extension (CVE-2015-5069, CVE-2015-5070).
This issue has been fixed in version 1.12.4, which also provides a number of
engine and gameplay-related bug fixes. See the referenced code and player
changelogs for a detailed listing.
References
- https://bugs.mageia.org/show_bug.cgi?id=16208
- http://openwall.com/lists/oss-security/2015/06/25/12
- http://forums.wesnoth.org/viewtopic.php?t=42776
- http://forums.wesnoth.org/viewtopic.php?t=42775
- https://github.com/wesnoth/wesnoth/blob/bebd642f7d0b141dd9f0e4b0a566f5b07db6816b/changelog
- https://github.com/wesnoth/wesnoth/blob/bebd642f7d0b141dd9f0e4b0a566f5b07db6816b/players_changelog
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5069
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5070
SRPMS
5/core
- wesnoth-1.12.4-1.mga5