| Summary: | <games-strategy/freeciv-2.2.1: arbitrary command execution (CVE-2010-2445) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | erkiferenc, games, jaak, steffen, zeev.tarantov |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://gna.org/bugs/?15624 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 329957 | ||
| Bug Blocks: | |||
|
Description
Stefan Behte (RETIRED)
2010-07-26 15:53:17 UTC
games-strategy/freeciv-2.2.1 is in portage and stable for x85 and amd64. Just test & stable it for other arches. The oldest 2.2 in the tree is now 2.2.1, and there's no 2.3 in the tree, so I think this can be closed. @security, fixed versions are in tree. From secunia I see: The security issue exists due to the Lua run time environment allowing access to the operating system specific modules and functions. This can be exploited to execute arbitrary shell commands via a specially crafted saved game or scenario file. We should move it to B2? If not please proceed with glsa vote. Thanks. Yes, I believe this should be B2. GLSA request filed. Is this still valid? This issue was resolved and addressed in GLSA 201402-07 at http://security.gentoo.org/glsa/glsa-201402-07.xml by GLSA coordinator Chris Reffett (creffett). |