Comment 16 for bug 336396

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wesnoth - 1:1.4.5-1ubuntu0.2

---------------
wesnoth (1:1.4.5-1ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via python AI (LP: #336396)
    - debian/control: remove python-dev from Build-Dependencies
    - debian/rules: Compile with --disable-python
    - debian/wesnoth-data.install: Don't install data/ais into
    - debian/patches/04wesnoth-did-ai-fix: upstream svn r33013 for above
      changes
    - Patch based on work by Gerfried Fuchs
    - CVE-2009-0367
  * SECURITY UPDATE: denial of service large compressed WML document
    - debian/patches/03fix-server-dos: check size of WML document in
      simple_wml.cpp
    - Patch based on work by Gerfried Fuchs
    - CVE-2009-0366
  * SECURITY UPDATE: denial of service via crafted map
    - debian/patches/05limit-mapsize: verify map size in
      terrain_translation.cpp and terrain_translation.hpp
    - Patch based on work by Gerfried Fuchs
    - CVE-2009-0878

 -- Jamie Strandboge <email address hidden> Fri, 20 Mar 2009 08:35:09 -0500