CVE-2015-5069

NameCVE-2015-5069
DescriptionThe (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-297-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wesnoth-1.10sourcewheezy1:1.10.3-3+deb7u2
wesnoth-1.10sourcejessie1:1.10.7-2+deb8u1
wesnoth-1.10source(unstable)(unfixed)
wesnoth-1.12source(unstable)1:1.12.4-1
wesnoth-1.13unknownexperimental1:1.13.1-1
wesnoth-1.8sourcesqueeze1:1.8.5-1+deb6u2DLA-297-1
wesnoth-1.8source(unstable)(unfixed)

Notes

https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
Search for package or bug name: Reporting problems