2009-03-01 20:43:48 |
Rhonda D'Vine |
bug |
|
|
added bug |
2009-03-01 20:43:48 |
Rhonda D'Vine |
bug |
|
|
added attachment 'wesnoth_1.4-1ubuntu0.1.interdiff.gz' (fixes CVE-2009-0367 and a memory exhaustion bug) |
2009-03-01 20:44:15 |
Rhonda D'Vine |
who_made_private |
rhonda |
|
|
2009-03-08 14:46:12 |
Iain Lane |
wesnoth: status |
New |
In Progress |
|
2009-03-08 14:46:12 |
Iain Lane |
wesnoth: statusexplanation |
|
|
|
2009-03-10 18:09:41 |
Kees Cook |
wesnoth: status |
In Progress |
Incomplete |
|
2009-03-10 18:09:41 |
Kees Cook |
wesnoth: statusexplanation |
|
Comparing the fixes that Debian performed[1], I think this patch may additionally require fixes for CVE-2009-0366. Also, please follow the changelog format in the Security Update Procedures[2], since that will make it easier for us to examine the patches.
I do have a worry that just ripping out Python is the wrong approach to take with this bug, as that drops features as well. However, in the light of upstream's response to the bug (they did the same), I think it makes sense. Will there be AIs that no longer work if this code is removed from wesnoth?
[1] http://packages.debian.org/changelogs/pool/main/w/wesnoth/current/changelog
[2] https://wiki.ubuntu.com/SecurityUpdateProcedures |
|
2009-03-10 18:15:55 |
Kees Cook |
wesnoth: status |
Incomplete |
Invalid |
|
2009-03-10 18:15:55 |
Kees Cook |
wesnoth: statusexplanation |
|
|
|
2009-03-10 19:21:07 |
Kees Cook |
wesnoth: status |
New |
Incomplete |
|
2009-03-10 19:21:07 |
Kees Cook |
wesnoth: statusexplanation |
|
|
|
2009-03-10 19:21:29 |
Kees Cook |
wesnoth: status |
New |
Incomplete |
|
2009-03-10 19:21:29 |
Kees Cook |
wesnoth: statusexplanation |
|
|
|
2009-03-10 19:22:07 |
Kees Cook |
wesnoth: status |
New |
Incomplete |
|
2009-03-10 19:22:07 |
Kees Cook |
wesnoth: statusexplanation |
|
|
|
2009-03-10 19:34:27 |
Kees Cook |
title |
proposed diff for hardy-security |
Wesnoth security fixes |
|
2009-03-16 18:15:50 |
Kees Cook |
wesnoth (Ubuntu Intrepid): status |
Incomplete |
In Progress |
|
2009-03-19 14:30:39 |
Jamie Strandboge |
wesnoth: status |
Incomplete |
Confirmed |
|
2009-03-19 14:30:51 |
Jamie Strandboge |
wesnoth: status |
Incomplete |
Confirmed |
|
2009-03-19 14:52:20 |
Jamie Strandboge |
wesnoth: status |
In Progress |
Confirmed |
|
2009-03-19 14:53:06 |
Jamie Strandboge |
wesnoth (Ubuntu Gutsy): status |
Confirmed |
In Progress |
|
2009-03-19 14:53:08 |
Jamie Strandboge |
wesnoth (Ubuntu Hardy): status |
Confirmed |
In Progress |
|
2009-03-20 13:27:50 |
Jamie Strandboge |
wesnoth: status |
In Progress |
Fix Released |
|
2009-03-20 13:27:50 |
Jamie Strandboge |
wesnoth: statusexplanation |
|
wesnoth (1:1.4-1ubuntu0.1) hardy-security; urgency=low
* Upload to fix several severe problems:
- Compile with --disable-python because the python AI support allowed to
break out of sandbox and allowed execution of abitrary code
(CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
wesnoth-data package anymore, and remove python-dev from
Build-Dependencies.
- Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
work after above changes.
- Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
wesnoth/exhausting system memory (Upstream Bug #13031)
-- Gerfried Fuchs < rhonda@debian.at> Sun, 01 Mar 2009 21:05:56 +0100 |
|
2009-03-20 13:28:19 |
Jamie Strandboge |
wesnoth: status |
In Progress |
Fix Released |
|
2009-03-20 13:28:19 |
Jamie Strandboge |
wesnoth: statusexplanation |
|
wesnoth (1.2.6-1ubuntu2.5) gutsy-security; urgency=low
* Upload to fix a severe problem:
- Compile with --disable-python because the python AI support allowed to
break out of sandbox and allowed execution of abitrary code
(CVE-2009-0367, Upstream Bug #13048). Remove python-dev from
Build-Dependencies.
|
|
2009-03-20 13:59:59 |
Jamie Strandboge |
wesnoth: status |
Confirmed |
In Progress |
|
2009-03-20 13:59:59 |
Jamie Strandboge |
wesnoth: assignee |
|
jdstrand |
|
2009-03-20 14:05:44 |
Jamie Strandboge |
bug |
|
|
added attachment 'wesnoth_1.4.5-1ubuntu0.1.debdiff' (wesnoth_1.4.5-1ubuntu0.1.debdiff) |
2009-03-20 16:00:54 |
Jamie Strandboge |
bug |
|
|
added attachment 'wesnoth_1.4.5-1ubuntu0.2.debdiff' (wesnoth_1.4.5-1ubuntu0.2.debdiff) |
2009-03-20 16:06:50 |
Jamie Strandboge |
wesnoth: status |
In Progress |
Fix Committed |
|
2009-03-20 18:36:14 |
Launchpad Janitor |
wesnoth: status |
Fix Committed |
Fix Released |
|
2009-03-25 14:56:16 |
Jamie Strandboge |
bug |
|
|
added attachment 'wesnoth_1.2.6-1ubuntu2.5.interdiff.gz' (wesnoth_1.2.6-1ubuntu2.5.interdiff.gz) |
2010-01-08 14:36:35 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/intrepid-security/wesnoth |
|