Summary: | <games-strategy/wesnoth-1.4.7-r1 Python security issue (CVE-2009-{0366,0367}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mr. Bones. (RETIRED) <mr_bones_> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | craig, games |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://mail.gna.org/public/wesnoth-dev/2009-02/msg00036.html | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mr. Bones. (RETIRED)
2009-02-23 20:40:27 UTC
Could be finalized and closed afaict. *** Bug 261282 has been marked as a duplicate of this bug. *** CVE-2009-0367 is fixed in 1.5.11, according to http://www.wesnoth.org/forum/viewtopic.php?t=24247 before closing, we need to investigate attack vectors and impact for a rating and decide on a GLSA. I vote yes on a GLSA fwiw. CVE-2009-0878 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0878): The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. Sorry, wrong bug nr for CVE... This bug can be closed out game crash, I vote NO. NO, too. Closing. |