CVE-2015-5070

NameCVE-2015-5070
DescriptionThe (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-297-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wesnoth-1.10sourcewheezy1:1.10.3-3+deb7u2
wesnoth-1.10sourcejessie1:1.10.7-2+deb8u1
wesnoth-1.10source(unstable)(unfixed)
wesnoth-1.12source(unstable)1:1.12.4-1
wesnoth-1.13unknownexperimental1:1.13.1-1
wesnoth-1.8sourcesqueeze1:1.8.5-1+deb6u2DLA-297-1
wesnoth-1.8source(unstable)(unfixed)

Notes

https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59

Search for package or bug name: Reporting problems