wesnoth exploit allows others to view the content of files on a remote computer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wesnoth (Ubuntu) |
Fix Released
|
High
|
Emilio Pozuelo Monfort | ||
Dapper |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Edgy |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Feisty |
Fix Released
|
High
|
Kees Cook | ||
Gutsy |
Fix Released
|
High
|
Kees Cook |
Bug Description
Binary package hint: wesnoth
I reproduce the relevant part of the forum thread regarding the release of Wesnoth 1.2.8:
"This is a bugfix release for 1.2 and it is compatible with the other 1.2 versions. The main reason for this release was an important security fix. This issue was filed as CVE-2007-5742, it did allow others to view the content of files on the remote computer. We did now fix this problem by removing the option to use ../ in paths. "
Furthermore, I add the Secunia vulnerability link:
http://
I'm sorry if this has been reported before, but better safe than sorry. The only related thing I saw was bug #158414 and it is fixed.
PS: The full Wesnoth release thread is available here:
http://
Changed in wesnoth: | |
assignee: | nobody → shermann |
status: | New → In Progress |
assignee: | nobody → shermann |
status: | New → In Progress |
Changed in wesnoth: | |
status: | In Progress → Fix Released |
status: | In Progress → Fix Released |
I unchecked the privacy of the bug since it's a known one, and has been mentioned at least at happypenguin.org, secunia and the wesnoth forums. I considered thus that keeping this bug hidden would't contribute anything.