[ubuntu/precise-security] redeclipse 1.2-2ubuntu0.1 (Accepted)

Martin Erik Werner martinerikwerner at gmail.com
Thu Aug 16 06:03:36 UTC 2012


redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE:
    Game maps can in cube2-engine games be transmitted either from server
    to client or from client to client, which includes a config file
    (mapname.cfg) which is in "cubescript" format; this makes it possible
    for an attacker to send a malign script via a new map (which must be
    chosen by admin on a server, or created in cooperative editing mode). A
    script like this could trivially read/write to any files which the user
    running the client has access to (it is executed when the client loads
    the map). (LP: #1034148)
    - Add debian/patches/security-text-command-fix.patch
      This patch stops "textedit" commands being able to be run in map-run
      scripts, thus disabling the ability to read/write to user files.

Date: Thu, 02 Aug 2012 15:01:30 +0200
Changed-By: Martin Erik Werner <martinerikwerner at gmail.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/redeclipse/1.2-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 02 Aug 2012 15:01:30 +0200
Source: redeclipse
Binary: redeclipse redeclipse-dbg redeclipse-server redeclipse-server-dbg
Architecture: source
Version: 1.2-2ubuntu0.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Erik Werner <martinerikwerner at gmail.com>
Description: 
 redeclipse - single-player and multi-player first-person ego-shooter
 redeclipse-dbg - debug symbols for the Red Eclipse FPS game
 redeclipse-server - server for the Red Eclipse FPS game
 redeclipse-server-dbg - debug symbols for the Red Eclipse dedicated server
Launchpad-Bugs-Fixed: 1034148
Changes: 
 redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low
 .
   * SECURITY UPDATE:
     Game maps can in cube2-engine games be transmitted either from server
     to client or from client to client, which includes a config file
     (mapname.cfg) which is in "cubescript" format; this makes it possible
     for an attacker to send a malign script via a new map (which must be
     chosen by admin on a server, or created in cooperative editing mode). A
     script like this could trivially read/write to any files which the user
     running the client has access to (it is executed when the client loads
     the map). (LP: #1034148)
     - Add debian/patches/security-text-command-fix.patch
       This patch stops "textedit" commands being able to be run in map-run
       scripts, thus disabling the ability to read/write to user files.
Checksums-Sha1: 
 e23c3e6cd3f761c4d2c8631d440885ace96e6ae6 2357 redeclipse_1.2-2ubuntu0.1.dsc
 cf6d8931b25f5d72f5fb3b6620fc09964faa4f26 18308 redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Checksums-Sha256: 
 4782871bfe62718e4ab8cc2537d9ffabb392b2439fcf58751832f833087d21b1 2357 redeclipse_1.2-2ubuntu0.1.dsc
 02323ae3326512c0e357be0ba87647840f034feb7a457c96dfc8ec0d478607d8 18308 redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Files: 
 9e81f3f242dea2714bd7b03a5461a693 2357 contrib/games optional redeclipse_1.2-2ubuntu0.1.dsc
 370321861ba5ce3b430f2b01ed8c2163 18308 contrib/games optional redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>

