Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

Bug #335089 reported by Dylan Aïssi on 2009-02-26
Affects Status Importance Assigned to Milestone
wesnoth (Ubuntu)

Bug Description

Binary package hint: wesnoth

Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

 wesnoth (1:1.4.7-4) unstable; urgency=high
   * Upload to fix several severe problems:
     - Compile with --disable-python because the python AI support allowed to
       break out of sandbox and allowed execution of abitrary code
       (CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
       wesnoth-data package anymore, and remove python-dev from
     - Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
       work after above changes.
     - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
       wesnoth/exhausting system memory (Upstream Bug #13031)
   * Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
     pattern in the server, which came in a bit too late for the release
     (CVE-2009-0366, Upstream Bug #13037)
   * Fix typo in wesnoth-tools package description noticed by Soliton, thanks.
 -- Gerfried Fuchs <email address hidden> Tue, 24 Feb 2009 16:04:59 +0100


CVE References

Rhonda D'Vine (rhonda) wrote :

Thanks for this, Dylan. I was about to look around for one of my usual suspects to ping them about the issue. Glad I didn't have to do that. :)

Changed in wesnoth:
assignee: nobody → quadrispro
importance: Undecided → Medium
status: New → In Progress
Alessio Treglia (quadrispro) wrote :

Sync request ACK'd.

Changed in wesnoth:
assignee: quadrispro → nobody
status: In Progress → Confirmed
Jamie Strandboge (jdstrand) wrote :

[Updating] wesnoth (1:1.4.7-3 [Ubuntu] < 1:1.4.7-4 [Debian])
 * Trying to add wesnoth...
  - <wesnoth_1.4.7-4.diff.gz: downloading from>
  - <wesnoth_1.4.7.orig.tar.gz: already in distro - downloading from librarian>
  - <wesnoth_1.4.7-4.dsc: downloading from>
I: wesnoth [universe] -> wesnoth-data_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-core_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-dbg_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-all_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-music_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-server_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-editor_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-tools_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-httt_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-tsg_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-trow_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-ttb_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-ei_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-utbs_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-did_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-nr_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-sof_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-sotbe_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-l_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-aoi_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-thot_1:1.4.7-3 [universe].

Changed in wesnoth:
status: Confirmed → Fix Released

* Gerfried Fuchs <email address hidden> [2009-02-26 22:14:37 CET]:
> Thanks for this, Dylan. I was about to look around for one of my usual
> suspects to ping them about the issue. Glad I didn't have to do that. :)

 Ah yes, if you need help with extracting/applying the diff for the
other ubuntu releases, just give me a call and I'll take a look what I
can do. Please don't forget about them. :)


To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers