diff -u wesnoth-1.2.6/debian/changelog wesnoth-1.2.6/debian/changelog
--- wesnoth-1.2.6/debian/changelog
+++ wesnoth-1.2.6/debian/changelog
@@ -1,3 +1,20 @@
+wesnoth (1.2.6-1ubuntu2.3) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+ + CVE-2007-6201: Unspecified vulnerability in Wesnoth before 1.2.8 allows
+ attackers to cause a denial of service (hang) via a "faulty add-on" and
+ possibly execute other commands via unknown vectors related to the turn_cmd
+ option.
+ * debian/patches/CVE-2007-6201.patch:
+ - Applied patch by upstream
+ - Link 1: http://svn.gna.org/viewcvs/wesnoth/branches/1.2/src/playsingle_controller.cpp?r2=21907&rev=21907&r1=16732&dir_pagestart=100
+ - Link 2: http://svn.gna.org/viewcvs/wesnoth/branches/1.2/src/preferences.cpp?r2=21907&rev=21907&r1=18008&dir_pagestart=100
+ * References:
+ CVE-2007-6201
+ http://sourceforge.net/project/shownotes.php?release_id=557098
+
+ -- Stephan Hermann Tue, 04 Dec 2007 13:22:16 +0100
+
 wesnoth (1.2.6-1ubuntu2.2) gutsy-security; urgency=low
 
 * SECURITY UPDATE: Do not allow '../' in file paths. It allowed others
only in patch2: unchanged:
--- wesnoth-1.2.6.orig/debian/patches/CVE-2007-6201.patch
+++ wesnoth-1.2.6/debian/patches/CVE-2007-6201.patch
@@ -0,0 +1,34 @@
+diff -Nur wesnoth-1.2.6/src/playsingle_controller.cpp wesnoth-1.2.6.new/src/playsingle_controller.cpp
+--- wesnoth-1.2.6/src/playsingle_controller.cpp 2007-04-10 19:54:07.000000000 +0200
++++ wesnoth-1.2.6.new/src/playsingle_controller.cpp 2007-12-04 13:21:13.196802130 +0100
+@@ -479,10 +479,6 @@
+ gui::show_dialog(*gui_,NULL,"",_("It is now your turn"),gui::MESSAGE);
+ }
+ 
+- const std::string& turn_cmd = preferences::turn_cmd();
+- if(turn_cmd.empty() == false) {
+- system(turn_cmd.c_str());
+- }
+ 
+ //execute gotos - first collect gotos in a list
+ std::vector gotos;
+diff -Nur wesnoth-1.2.6/src/preferences.cpp wesnoth-1.2.6.new/src/preferences.cpp
+--- wesnoth-1.2.6/src/preferences.cpp 2007-06-02 09:48:47.000000000 +0200
++++ wesnoth-1.2.6.new/src/preferences.cpp 2007-12-04 13:20:34.194579505 +0100
+@@ -409,16 +409,6 @@
+ prefs["turn_bell"] = (ison ? "yes" : "no");
+ }
+ 
+-const std::string& turn_cmd()
+-{
+- return prefs["turn_cmd"];
+-}
+-
+-void set_turn_cmd(const std::string& cmd)
+-{
+- prefs["turn_cmd"] = cmd;
+-}
+-
+ bool message_bell()
+ {
+ return prefs["message_bell"] != "no";
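Review bot: The definitions of `turn_cmd()` and `set_turn_cmd()` are deleted from preferences.cpp, but the patch touches no header, so the corresponding declarations in the preferences header and any remaining caller (for example a preferences dialog that stores the command) are presumably still in place and would fail at link time rather than compile time; check that nothing else in the tree still references these two names. Removing the feature outright is the right mitigation here: the `system(turn_cmd.c_str())` call in playsingle_controller.cpp ran a string taken straight from the user-writable preferences file, so dropping the call rather than trying to validate the string closes the issue completely, and a stale `turn_cmd` key left in an existing preferences file is now inert because nothing reads it. As a style point, the deletion in playsingle_controller.cpp leaves two consecutive blank context lines; dropping one of them would keep the function tidy. The enclosing function in playsingle_controller.cpp and the neighbouring preference accessors in preferences.cpp both start and end outside the hunk.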