From ${URL} : A flaw was reported in wesnoth, a turn-based strategy game with a fantasy theme: A severe security vulnerability in the game client was found (bug #23440) which could allow a malicious user to obtain personal files and information from other players in networked MP games using the built-in WML/Lua API on any platform. The flaw affects wesnoth 1.12.1 and wesnoth 1.10.7. Release announcement: http://forums.wesnoth.org/viewtopic.php?t=41870 https://raw.githubusercontent.com/wesnoth/wesnoth/1.12.2/changelog Upstream advisory: http://forums.wesnoth.org/viewtopic.php?t=41872 Upstream patch: https://github.com/wesnoth/wesnoth/commit/af61f9fdd15cd439da9e2fe5fa39d174c923eaae @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2015-0844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0844): The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
wesnoth 1.12.1 is no longer in portage
GLSA Vote: No