Red Hat Bugzilla – Bug 1211237
CVE-2015-0844 wesnoth: information leak via built-in WML/Lua API
Last modified: 2015-04-13 07:52:28 EDT
A flaw was reported in wesnoth, a turn-based strategy game with a fantasy theme: A severe security vulnerability in the game client was found (bug #23440) which could allow a malicious user to obtain personal files and information from other players in networked MP games using the built-in WML/Lua API on any platform. The flaw affects wesnoth 1.12.1 and wesnoth 1.10.7. Release announcement: http://forums.wesnoth.org/viewtopic.php?t=41870 https://raw.githubusercontent.com/wesnoth/wesnoth/1.12.2/changelog Upstream advisory: http://forums.wesnoth.org/viewtopic.php?t=41872 Upstream patch: https://github.com/wesnoth/wesnoth/commit/af61f9fdd15cd439da9e2fe5fa39d174c923eaae
Created wesnoth tracking bugs for this issue: Affects: fedora-all [bug 1211238] Affects: epel-5 [bug 1211239] Affects: epel-6 [bug 1211240]