[ubuntu/precise-security] redeclipse 1.2-2ubuntu0.1 (Accepted)
Martin Erik Werner
martinerikwerner at gmail.com
Thu Aug 16 06:03:36 UTC 2012
redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE:
Game maps can in cube2-engine games be transmitted either from server
to client or from client to client, which includes a config file
(mapname.cfg) which is in "cubescript" format, this makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write to any files which the user
running the client has access to (it is executed when the client loads
the map). (LP: #1034148)
- Add debian/patches/security-text-command-fix.patch
This patch stops "textedit" commands being able to be run in map-run
scripts, thus disabling the ability to read/write to user files.
Date: Thu, 02 Aug 2012 15:01:30 +0200
Changed-By: Martin Erik Werner <martinerikwerner at gmail.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/redeclipse/1.2-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 02 Aug 2012 15:01:30 +0200
Source: redeclipse
Binary: redeclipse redeclipse-dbg redeclipse-server redeclipse-server-dbg
Architecture: source
Version: 1.2-2ubuntu0.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Erik Werner <martinerikwerner at gmail.com>
Description:
redeclipse - single-player and multi-player first-person ego-shooter
redeclipse-dbg - debug symbols for the Red Eclipse FPS game
redeclipse-server - server for the Red Eclipse FPS game
redeclipse-server-dbg - debug symbols for the Red Eclipse dedicated server
Launchpad-Bugs-Fixed: 1034148
Changes:
redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low
.
* SECURITY UPDATE:
Game maps can in cube2-engine games be transmitted either from server
to client or from client to client, which includes a config file
(mapname.cfg) which is in "cubescript" format, this makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write to any files which the user
running the client has access to (it is executed when the client loads
the map). (LP: #1034148)
- Add debian/patches/security-text-command-fix.patch
This patch stops "textedit" commands being able to be run in map-run
scripts, thus disabling the ability to read/write to user files.
Checksums-Sha1:
e23c3e6cd3f761c4d2c8631d440885ace96e6ae6 2357 redeclipse_1.2-2ubuntu0.1.dsc
cf6d8931b25f5d72f5fb3b6620fc09964faa4f26 18308 redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Checksums-Sha256:
4782871bfe62718e4ab8cc2537d9ffabb392b2439fcf58751832f833087d21b1 2357 redeclipse_1.2-2ubuntu0.1.dsc
02323ae3326512c0e357be0ba87647840f034feb7a457c96dfc8ec0d478607d8 18308 redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Files:
9e81f3f242dea2714bd7b03a5461a693 2357 contrib/games optional redeclipse_1.2-2ubuntu0.1.dsc
370321861ba5ce3b430f2b01ed8c2163 18308 contrib/games optional redeclipse_1.2-2ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>
More information about the Precise-changes
mailing list