Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 261282 (CVE-2009-0367) - <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary code execution (CVE-2009-0367)
Summary: <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary co...
Status: RESOLVED DUPLICATE of bug 260058
Alias: CVE-2009-0367
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [ebuild]
Depends on:
Reported: 2009-03-05 09:33 UTC by Stefan Behte (RETIRED)
Modified: 2009-03-05 16:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 09:33:22 UTC
CVE-2009-0367 (
  The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows
  remote attackers to escape the sandbox and execute arbitrary code by
  using a whitelisted module that imports an unsafe module, then using
  a hierarchical module name to access the unsafe module through the
  whitelisted module.
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2009-03-05 16:14:44 UTC

*** This bug has been marked as a duplicate of bug 260058 ***