[ubuntu/precise-updates] redeclipse 1.2-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 16 06:28:18 UTC 2012
redeclipse (1.2-2ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE:
Game maps can in cube2-engine games be transmitted either from server
to client or from client to client, which includes a config file
(mapname.cfg) which is in "cubescript" format, this makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write to any files which the user
running the client has access to (it is executed when the client loads
the map). (LP: #1034148)
- Add debian/patches/security-text-command-fix.patch
This patch stops "textedit" commands being able to be run in map-run
scripts, thus disabling the ability to read/write to user files.
Date: 2012-08-15 23:05:39.662179+00:00
Changed-By: Martin Erik Werner <martinerikwerner at gmail.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/redeclipse/1.2-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list