MGASA-2015-0283
- Source
- https://advisories.mageia.org/MGASA-2015-0283.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0283.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0283
- Upstream
- Published
- 2015-07-27T17:18:02Z
- Modified
- 2026-04-16T06:23:20.057531162Z
- Summary
- Updated wesnoth packages fix security vulnerability
- Details
-
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension (CVE-2015-5069, CVE-2015-5070).
This issue has been fixed in version 1.12.4, which also provides a number of engine and gameplay-related bug fixes. See the referenced code and player changelogs for a detailed listing.
- References
-
- https://advisories.mageia.org/MGASA-2015-0283.html
- https://bugs.mageia.org/show_bug.cgi?id=16208
- http://openwall.com/lists/oss-security/2015/06/25/12
- http://forums.wesnoth.org/viewtopic.php?t=42776
- http://forums.wesnoth.org/viewtopic.php?t=42775
- https://github.com/wesnoth/wesnoth/blob/bebd642f7d0b141dd9f0e4b0a566f5b07db6816b/changelog
- https://github.com/wesnoth/wesnoth/blob/bebd642f7d0b141dd9f0e4b0a566f5b07db6816b/players_changelog
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / wesnoth
Package
- Name
- wesnoth
- Purl
- pkg:rpm/mageia/wesnoth?arch=source&distro=mageia-5