Comment 13 for bug 172783

wesnoth (1.2.3-0ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that
    can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
    client and server are affected.
  * debian/patches/CVE-2007-3917: added, taken from Debian.
  * References: CVE-2007-3917.
    LP: #158414.

  * SECURITY UPDATE: Do not allow '../' in file paths. It allowed others
    to view the content of files in the remote computers.
  * debian/patches/CVE-2007-5742: added, taken from upstream SVN r21904.
  * References:
    CVE-2007-5742.
    LP: #172783.

 -- Emilio Pozuelo Monfort <email address hidden> Sun, 02 Dec 2007 22:07:37 +0100