[Bug 335089] [NEW] Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)
Launchpad Bug Tracker
335089 at bugs.launchpad.net
Fri Feb 27 15:26:46 GMT 2009
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Alessio Treglia (quadrispro):
Binary package hint: wesnoth
Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)
wesnoth (1:1.4.7-4) unstable; urgency=high
* Upload to fix several severe problems:
- Compile with --disable-python because the python AI support allowed to
break out of sandbox and allowed execution of abitrary code
(CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
wesnoth-data package anymore, and remove python-dev from
Build-Dependencies.
- Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
work after above changes.
- Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
wesnoth/exhausting system memory (Upstream Bug #13031)
* Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
pattern in the server, which came in a bit too late for the release
(CVE-2009-0366, Upstream Bug #13037)
* Fix typo in wesnoth-tools package description noticed by Soliton, thanks.
-- Gerfried Fuchs <rhonda at debian.at> Tue, 24 Feb 2009 16:04:59 +0100
Thanks
** Affects: wesnoth (Ubuntu)
Importance: Medium
Assignee: Alessio Treglia (quadrispro)
Status: In Progress
--
Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)
https://bugs.edge.launchpad.net/bugs/335089
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list