* SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that
can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
client and server are affected.
* debian/patches/CVE-2007-3917: added, taken from Debian.
* References: CVE-2007-3917.
LP: #158414.
* SECURITY UPDATE: Do not allow '../' in file paths. It allowed others
to view the content of files in the remote computers.
* debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904.
* References:
CVE-2007-5742.
LP: #172783.
wesnoth (1.2.3-0ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that patches/ CVE-2007- 3917: added, taken from Debian.
can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
client and server are affected.
* debian/
* References: CVE-2007-3917.
LP: #158414.
* SECURITY UPDATE: Do not allow '../' in file paths. It allowed others patches/ CVE-2007- 5742: added, taken from upstream SVN r21904.
to view the content of files in the remote computers.
* debian/
* References:
CVE-2007-5742.
LP: #172783.
-- Emilio Pozuelo Monfort <email address hidden> Sun, 02 Dec 2007 22:07:37 +0100