Ubuntu
wesnoth package

the option "turn_cmd" can stall a computer or maybe start another application

Bug #173881 reported by ubuntu_demon on 2007-12-04

254

	Status	Importance	Assigned to
wesnoth (Ubuntu)	Fix Released	Undecided	Stephan Rügamer
Dapper	Fix Released	Undecided	Stephan Rügamer
Edgy	Fix Released	Undecided	Stephan Rügamer
Feisty	Fix Released	Undecided	Stephan Rügamer
Gutsy	Fix Released	Undecided	Stephan Rügamer

Bug Description

Binary package hint: wesnoth

The preference option "turn_cmd" can stall a computer or maybe start another application. Therefor this preference option is removed from wesnoth 1.2.8
1.2.6-1ubuntu2.2 doesn't have this fix according to the changelog.

see :
http://www.wesnoth.org/forum/viewtopic.php?p=264289
http://svn.gna.org/viewcvs/wesnoth/tags/1.2.8/changelog?rev=21944

CVE References

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

Working on it
Here is the bugger...will patch wesnoth

http://svn.gna.org/viewcvs/wesnoth/branches/1.2/src/serialization/preprocessor.cpp?rev=21904&r1=12381&r2=21904

Changed in wesnoth:
assignee:	nobody → shermann
status:	New → In Progress

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

Forget the last link...it's the old one...

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

gutsy debdiff to fix this issue Edit (2.4 KiB, text/plain)

Revision history for this message

ubuntu_demon (ubuntu-demon) wrote on 2007-12-04:

This bug is not a duplicate of bug #158414
This bug is not a duplicate of bug #172783

Wesnoth 1.2.8 fixes two security issues. One is addressed by bug #172783. I reported this bug about the other security issue

Revision history for this message

Emilio Pozuelo Monfort (pochu) wrote on 2007-12-04:

Hardy already has 1.2.8

Changed in wesnoth:
status:	In Progress → Fix Released

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

feisty debdiff to fix this issue Edit (2.4 KiB, text/plain)

Emmet Hikory (persia) on 2007-12-05

Changed in wesnoth:
assignee:	nobody → shermann

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-05:

edgy debdiff which fixes all still opened CVEs Edit (5.8 KiB, text/plain)

Edgy version is still vulnerable to those CVEs...

CVE-2007-3917
CVE-2007-5742
CVE-2007-6201

Changed in wesnoth:
assignee:	nobody → shermann
status:	New → In Progress
status:	New → In Progress

Stephan Rügamer (sruegamer) on 2007-12-05

Changed in wesnoth:
status:	New → In Progress
status:	New → In Progress
assignee:	nobody → shermann

Stephan Rügamer (sruegamer) on 2007-12-05

Changed in wesnoth:
assignee:	nobody → shermann

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-05:

dapper debdiff to fix all issues Edit (6.2 KiB, text/plain)

Dapper version is still vulnerable to those CVEs:

CVE-2007-3917
CVE-2007-5742
CVE-2007-6201

Jamie Strandboge (jdstrand) on 2008-01-08

Changed in wesnoth:
status:	In Progress → Fix Released
status:	In Progress → Fix Released
status:	In Progress → Fix Released
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuwesnoth package

the option "turn_cmd" can stall a computer or maybe start another application

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
wesnoth package