Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

Bug #335089 reported by Dylan Aïssi
Affects | Status | Importance | Assigned to | Milestone
wesnoth (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

Binary package hint: wesnoth

Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

 wesnoth (1:1.4.7-4) unstable; urgency=high
   * Upload to fix several severe problems:
     - Compile with --disable-python because the python AI support allowed to
       break out of sandbox and allowed execution of arbitrary code
       (CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
       wesnoth-data package anymore, and remove python-dev from
       Build-Dependencies.
     - Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
       work after above changes.
     - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
       wesnoth/exhausting system memory (Upstream Bug #13031)
   * Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
     pattern in the server, which came in a bit too late for the release
     (CVE-2009-0366, Upstream Bug #13037)
   * Fix typo in wesnoth-tools package description noticed by Soliton, thanks.
 -- Gerfried Fuchs <email address hidden> Tue, 24 Feb 2009 16:04:59 +0100

Thanks

Rhonda D'Vine (rhonda) wrote :

Thanks for this, Dylan. I was about to look around for one of my usual suspects to ping them about the issue. Glad I didn't have to do that. :)

Changed in wesnoth:
assignee: nobody → quadrispro
importance: Undecided → Medium
status: New → In Progress
Alessio Treglia (quadrispro) wrote :

Sync request ACK'd.

Changed in wesnoth:
assignee: quadrispro → nobody
status: In Progress → Confirmed
Jamie Strandboge (jdstrand) wrote :

[Updating] wesnoth (1:1.4.7-3 [Ubuntu] < 1:1.4.7-4 [Debian])
 * Trying to add wesnoth...
  - <wesnoth_1.4.7-4.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <wesnoth_1.4.7.orig.tar.gz: already in distro - downloading from librarian>
  - <wesnoth_1.4.7-4.dsc: downloading from http://ftp.debian.org/debian/>
I: wesnoth [universe] -> wesnoth-data_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-core_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-dbg_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-all_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-music_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-server_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-editor_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-tools_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-httt_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-tsg_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-trow_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-ttb_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-ei_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-utbs_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-did_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-nr_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-sof_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-sotbe_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-l_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-aoi_1:1.4.7-3 [universe].
I: wesnoth [universe] -> wesnoth-thot_1:1.4.7-3 [universe].

Changed in wesnoth:
status: Confirmed → Fix Released
Rhonda D'Vine (rhonda) wrote : Re: [Bug 335089] Re: Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

* Gerfried Fuchs <email address hidden> [2009-02-26 22:14:37 CET]:
> Thanks for this, Dylan. I was about to look around for one of my usual
> suspects to ping them about the issue. Glad I didn't have to do that. :)

 Ah yes, if you need help with extracting/applying the diff for the
other Ubuntu releases, just give me a call and I'll take a look at what I
can do. Please don't forget about them. :)

 Thanks,
Rhonda

This report contains Public Security information  
Everyone can see this security related information.
